Top 25+ Fastly Subdomain Takeover Writeups - Thebughacker

 

Subdomain Takeover

SUBDOMAIN TAKEOVER 

A subdomain takeover happens when an attacker oversees a subdomain of a target domain. Ordinarily, this happens when the subdomain has a canonical name (CNAME) in the Domain Name System (DNS), yet no host is giving substance to it.


What is a Subdomain Takeover? 

Subdomain takeover attackers are a class of safety issues where an attacker can hold onto control of an association's subdomain by means of cloud administrations like AWS or Purplish blue/Azure. They usually happen when web projects are finished yet the subdomain DNS passages are not completely closed down.

The most widely recognized situations which make a subdomain takeover possible are:

1) The CNAME record of the impacted subdomain focuses on a domain that can be guaranteed by an assailant/attacker.

2) The A record focuses on an IP address that can be enlisted by an assailant/attacker.


What is the purpose of subdomain takeover? | What is the impact/risk of subdomain takeover?

  1. Bypassing CSRF protection
  2. Access and Modify Cookies
  3. Phishing
  4. Leak of OAuth 2.0 Tokens
  5. Bypass Content Security Policy
  6. Abusing Over trusting CORS-Aware Servers
Subdomain Takeover Writeups


Below is the top list of subdomain takeover writeups.


If you want to submit your writeups in the list. Submit Here 


Previous Post Next Post

Contact Form