2 Subdomains Takeover via Unbounce in a Private Program

Many researchers have asked me whether this takeover still exists or has been fixed.
Yes, this takeover still exists, with 3 scenarios,
as Akita Zen said.

Bug Type : Subdomain Takeover 
Service : Unbounce 
Severity : Critical 
Program : Private on HackerOne
Status : Duplicate after fixing it

In a private program on HackerOne I found 2 subdomains
that had a CNAME pointing to unbouncepages.com
and showed me the takeover error (fingerprint).
So I made an account and tried to add the domain to my page on Unbounce, and it connected successfully.

Steps to take over
1) Create an account on Unbounce with a credit card
2) Create your Unbounce page
3) Add a domain to your page
If it tells you the domain is already taken, this means there is no takeover.
Example: info.hacker.one
It shows the takeover fingerprint, but it is already working and added to another account, so there is no takeover in it.
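
Seen from the domain owner's side, the same check can be run against your own DNS inventory. The following is an added example, not part of the original post: it lists CNAME records that point at unbouncepages.com but are missing from the set of domains connected in your own Unbounce account. The zone text, the example.com names and the hand-maintained claimed list are constructed assumptions.

```python
# Added example: zone CNAMEs that point at Unbounce but are unclaimed by us.
UNBOUNCE_TARGET = "unbouncepages.com"  # CNAME target named in the write-up
# Constructed sample data; example.com is a placeholder zone.
SAMPLE_ZONE = """\
$ORIGIN example.com.
promo    3600 IN CNAME  unbouncepages.com.
landing       IN CNAME  UnbouncePages.com.
info     300  IN CNAME  unbouncepages.com.   ; campaign page
shop     3600 IN CNAME  shops.example.net.
"""
# Assumption: domains copied by hand from the Unbounce account settings.
SAMPLE_CLAIMED = {"info.example.com"}

def normalize(name, origin=""):
    """Lower-case a DNS name; make it absolute, without the trailing dot."""
    name = name.strip().lower()
    if name.endswith("."):
        return name[:-1]
    return f"{name}.{origin}" if origin else name

def unbounce_cnames(zone_text):
    """Return {hostname: target} for CNAME records that point at Unbounce."""
    origin, owner, found = "", "", {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]  # drop zone-file comments
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0].upper() == "$ORIGIN" and len(tokens) > 1:
            origin = normalize(tokens[1])
            continue
        if not line[0].isspace():  # a leading blank reuses the previous owner
            owner = origin if tokens[0] == "@" else normalize(tokens[0], origin)
        upper = [t.upper() for t in tokens]
        if "CNAME" not in upper[:-1]:  # need the keyword plus a target after it
            continue
        target = normalize(tokens[upper.index("CNAME") + 1], origin)
        if target == UNBOUNCE_TARGET or target.endswith("." + UNBOUNCE_TARGET):
            found[owner] = target
    return found

def unclaimed(zone_text, claimed):
    """Hostnames that point at Unbounce but are absent from the claimed list."""
    claimed = {normalize(c) for c in claimed}
    return sorted(h for h in unbounce_cnames(zone_text) if h not in claimed)

if __name__ == "__main__":
    for host in unclaimed(SAMPLE_ZONE, SAMPLE_CLAIMED):
        print(f"REVIEW {host}: CNAME to {UNBOUNCE_TARGET}, not in our account")
```

Each reported hostname should either be connected in the organisation's Unbounce account or have its CNAME record removed.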

Reported : 6 Nov, 2018
Triaged : 7 Nov, 2018
I noticed that they fixed it : 7 Nov, 2018, after 2 hours
Duplicate : 10 Nov, 2018

