Feb 18, 2019

2 Subdomains Takeover via Unbounce in a Private Program

Many researchers asked me whether this takeover still exists or has been fixed.
Yes, this takeover still exists, with 3 scenarios,
as Akita Zen said.


*****************************
Bug Type: Subdomain Takeover
Service: Unbounce
Severity: Critical
Program: Private on HackerOne
Status: Duplicate after fixing it

*************************
In a private program on HackerOne I found 2 subdomains:
get.example.com
try.example.com
Both had a CNAME pointing to unbouncepages.com
and showed me the takeover error (fingerprint).
So I made an account and tried to add the domain to my page on Unbounce, and it connected successfully.


Steps to takeover
1) Create an account on Unbounce with a credit card.
2) Create your Unbounce page.
3) Add a domain to your page.
If it tells you the domain is already taken, this means there is no takeover.
Example: info.hacker.one
It shows us the takeover fingerprint, but it is already working and added to another account, so there is no takeover in it.
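The same situation seen from the domain owner's side, as an added example that is not part of the original post: it lists the CNAMEs in your own zone export that point at unbouncepages.com and flags those not attached to your own Unbounce account, since the fingerprint alone does not settle whether a name is claimable. The zone text and the `CLAIMED_IN_UNBOUNCE` inventory are constructed sample data, and all function names are hypothetical.

```python
UNBOUNCE_TARGET = "unbouncepages.com"  # CNAME target named in the write-up

# Constructed sample zone export (BIND style); not data from the report.
SAMPLE_ZONE = """\
$ORIGIN example.com.
www   IN A     192.0.2.10
get   300 IN CNAME unbouncepages.com.
try   IN CNAME unbouncepages.com.
info  IN CNAME unbouncepages.com.   ; landing page still in use
shop  IN CNAME shops.example.net.
"""

# Hypothetical inventory: hostnames attached to the company's own Unbounce account.
CLAIMED_IN_UNBOUNCE = {"info.example.com"}


def absolute(name, origin):
    """Resolve a zone-file name against $ORIGIN; a trailing dot means already absolute."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith(".") or not origin:
        return name.rstrip(".")
    return f"{name}.{origin}"


def unbounce_cnames(zone_text):
    """Return hostnames whose CNAME target is unbouncepages.com or a name under it."""
    origin, hosts = "", set()
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and fields[0].upper() == "$ORIGIN":
            origin = fields[1].rstrip(".").lower()
            continue
        types = [f.upper() for f in fields]
        if "CNAME" not in types[1:-1]:
            continue  # not a CNAME record, or no target after the type
        target = absolute(fields[types.index("CNAME", 1) + 1], origin)
        if target == UNBOUNCE_TARGET or target.endswith("." + UNBOUNCE_TARGET):
            hosts.add(absolute(fields[0], origin))
    return sorted(hosts)


def dangling(zone_text, claimed):
    """CNAMEs aimed at Unbounce that no page in our own account has claimed."""
    claimed = {c.lower().rstrip(".") for c in claimed}
    return [h for h in unbounce_cnames(zone_text) if h not in claimed]


if __name__ == "__main__":
    for host in dangling(SAMPLE_ZONE, CLAIMED_IN_UNBOUNCE):
        print(f"REVIEW {host}: points at {UNBOUNCE_TARGET} but is not in our account")
```

Each flagged name should either be attached to a page in the company's account or have its CNAME record removed.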




Timeline
Reported: 6 Nov, 2018
Triaged: 7 Nov, 2018
I noticed that they fixed it: 7 Nov, 2018, after 2 hours
Duplicate: 10 Nov, 2018


******************************
Security Researcher at Many Websites - Bug Hunter - Civil Engineer Student