Feb 15, 2019

Souq.com Subdomain Takeover via jazzhr.com service


Program :  Souq

Vulnerability : Subdomain Takeover 

Impact  : High

`jobs.souq.com` was vulnerable to subdomain takeover via `jazzhr.com` Service

When I visit jobs.souq.com it was shown me an error ( finger print )

So I started to see the cname 
 `Jobs.souq.com` was has a cname `souq.applytojob.com`

So I go directly to the service provider and they was allowed me to take the cname `souq.applytojob.com

`jobs.souq.com` not allowed me to connect it directly seems there was a Bug ! 

 After 1 day I notice that subdomain has been connected to the cname in some paths example : `/app/share/`

Funny thing there is someone apply to fake Security Job ! 😀

Time line 
2019-02-04: Bug reported
2019-01-05: Fixed with no comments 
2019-01-06: Closed as Informative ! 

Share This
Previous Post
Next Post

Security Researcher at Many Websites - Bug Hunter - Civil Engineer Student