Feb 15, 2019

Subdomain Takeover via HubSpot

Advertisement





Last Year I was able to Subdomain takeover in A public Program via HubSpot Service and After that the Program closed my report as informative by a HackerOne Staff. 

Some Researchers says " You can't takeover subdomains via HubSpot any more " after the report of Frans Rosen https://hackerone.com/reports/38007 it was  4 years ago and Seems that Hubspot fixed Their DNS services.

In This Blog I want only to say and Provide that 
HubSpot is still vulnerable to subdomain takeovers

In my Report I was able to ByPass the DNS Confirmation and made the subdomain connect direct to my new DNS 

Subdomain Takeover via HubSpot Finger Print 

 POC





*************************************

Share This
Previous Post
Next Post

Security Researcher at Many Websites - Bug Hunter - Civil Engineer Student

0 comments: