SUBDOMAIN TAKEOVER
A subdomain takeover happens when an attacker oversees a subdomain of a target domain. Ordinarily, this happens when the subdomain has a canonical name (CNAME) in the Domain Name System (DNS), yet no host is giving substance to it.
What is a Subdomain Takeover?
Subdomain takeover attackers are a class of safety issues where an attacker can hold onto control of an association's subdomain by means of cloud administrations like AWS or Purplish blue/Azure. They usually happen when web projects are finished yet the subdomain DNS passages are not completely closed down.
The most widely recognized situations which make a subdomain takeover possible are:
1) The CNAME record of the impacted subdomain focuses on a domain that can be guaranteed by an assailant/attacker.
2) The A record focuses on an IP address that can be enlisted by an assailant/attacker.
What is the purpose of subdomain takeover? | What is the impact/risk of subdomain takeover?
Below is the top list of subdomain takeover writeups.
- How I bought my way to subdomain takeover on tokopedia
- Subdomain Takeover via pantheon
- Subdomain takeover : a unique way
- Escalating subdomain takeover to steal sensitive stuff
- Subdomain takeover awarded 200
- Subdomain takeover via wufoo service
- Subdomain takeover via Hubspot
- Subdomain takeover : new level
- Subdomain takeover due to misconfigured project settings for custom domain
- Subdomain takeover via shopify vendor
- Subdomain takeover via unsecured s3 bucket
- Subdomain takeover worth 200
- How to do 55000 subdomain takeover in a blink of an eye
- Subdomain takeover Starbucks (Part 2)
- Subdomain takeover Starbucks
- Uber wildcard subdomain takeover
- Bugcrowd domain subdomain takeover vulnerability
- Subdomain takeover vulnerability (Lamborghini Hacked)
- Authentication bypass on uber's SSO via subdomain takeover
- Authentication bypass on SSO ubnt.com via Subdomain takeover of ping.ubnt.com
If you want to submit your writeups in the list. Submit Here