Security Workbook on Pentesting
Security Workbook on Pentesting
About us
References
Bug Bounty
Resources
Mindmaps
Tools Cheat Sheet
Bug Bounty & Pen-Test Templates
XSS Vulnerability
CSRF (Cross-site request forgery)
Unrestricted File Upload
Subdomain Takeover
Github Recon
Injection
IDOR (Insecure direct object references)
SSRF (Server-side request forgery)
Clickjacking
Open Redirect
Server-side request forgery (SSRF)
File Inclusion
Insecure Deserialization
Response manipulation
Directory Browsing
Race condition
Use of Default Credentials
CTF's
Powered by GitBook

Subdomain Takeover

Subdomain takeover is a process of registering a non-existing domain name to gain control over another domain.

Vulnerability Name: Subdomain takeover on [Domain name]

Vulnerability Description: Subdomain Takeover is a type of vulnerability which appears when an organization has configured a DNS CNAME entry for one of its subdomains pointing to an external service (ex. Heroku, Github, Bitbucket, Desk, Squarespace, Shopify, etc) but the service is no longer utilized by that organization. An attacker could register to the external service and claim the affected subdomain.

Here the xyz.xxxxxxx.com is pointing towards a third party service hosted on xxy.com,you can confirm it by passing the below command

nslookup xxx.xxxxxxxxxxxx.xxx 8.8.8.8

[or]

Going to ping.eu and do a dnslookup there.

Proof-of-concept: Snapshots or video link attached.

Impact:

  1. Phishing.

  2. Company impersonation.

  3. Business loss to the company.

Attack Scenario: [Create your own attack scenario according to the workflow of website]

Remediation: Remove the CNAME or claim that sub-domain, from the service provider.

​

Previous
Unrestricted File Upload
Next
Github Recon
Last updated 1 year ago