Subdomain Takeover via service - Mohamed Haron

Mohamed Haron

A personal blog about security and write-ups

Feb 15, 2019 Subdomain Takeover via service

Program :  Souq

Vulnerability : Subdomain Takeover 

Impact  : High

`` was vulnerable to subdomain takeover via `` Service

When I visited it, it showed me an error (fingerprint).

So I started by looking at the CNAME:
 `` had a CNAME ``

So I went directly to the service provider, and they allowed me to take the CNAME `

`` did not allow me to connect it directly; it seems there was a bug!

After 1 day I noticed that the subdomain had been connected to the CNAME on some paths, for example: `/app/share/`

Funny thing: someone applied to a fake Security Job! 😀

Timeline:
2019-02-04: Bug reported
2019-01-05: Fixed with no comments 
2019-01-06: Closed as Informative ! 
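
For zone owners, the same two signals (a CNAME into a third-party service and that service's "unclaimed" error page) can be checked across an inventory of their own records. The sketch below is an added example, not code from this post; the provider suffix, fingerprint text, hostnames and response bodies are constructed placeholders, and `Record`, `match_provider` and `audit` are hypothetical names.

```python
from dataclasses import dataclass, field

# Constructed provider table: CNAME suffix -> text of that provider's
# "nothing is claimed here" error page. Both values are placeholders.
PROVIDERS = {
    ".pages.saas-provider.example": "There is no site configured at this address",
}

@dataclass
class Record:
    name: str                                      # subdomain in our own zone
    cname: str                                     # CNAME target, "" if none
    responses: dict = field(default_factory=dict)  # path -> response body

def match_provider(cname):
    """Return (suffix, fingerprint) if the CNAME points at a known provider."""
    target = cname.rstrip(".").lower()
    for suffix, fingerprint in PROVIDERS.items():
        if target.endswith(suffix):
            return suffix, fingerprint
    return None

def audit(records):
    """Flag records whose provider-hosted CNAME serves the unclaimed page.

    Every probed path is checked, not only "/": the write-up saw the provider
    binding take effect on only some paths, so a root-only check can miss it.
    """
    findings = []
    for rec in records:
        hit = match_provider(rec.cname)
        if hit is None:
            continue  # not pointing at a third-party service we track
        _, fingerprint = hit
        dangling = sorted(p for p, body in rec.responses.items()
                          if fingerprint.lower() in body.lower())
        if dangling:
            findings.append({"name": rec.name, "cname": rec.cname,
                             "unclaimed_paths": dangling})
    return findings

# Constructed inventory snapshot (names, targets and bodies are made up).
INVENTORY = [
    Record("jobs.corp.example", "corp.pages.saas-provider.example.",
           {"/": "<h1>Careers</h1>",
            "/app/share/": "There is no site configured at this address"}),
    Record("www.corp.example", "", {"/": "<h1>Home</h1>"}),
    Record("old.corp.example", "gone.pages.saas-provider.example",
           {"/": "there is no site configured at this address"}),
]
```

Records that come back from `audit` should have the CNAME removed or the resource reclaimed at the provider.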
