Feb 15, 2019

Subdomain Takeover via HubSpot


Last Year I was able to Subdomain takeover in A public Program via HubSpot Service and After that the Program closed my report as informative by a HackerOne Staff. 

Some Researchers says " You can't takeover subdomains via HubSpot any more " after the report of Frans Rosen https://hackerone.com/reports/38007 it was  4 years ago and Seems that Hubspot fixed Their DNS services.

In This Blog I want only to say and Provide that 
HubSpot is still vulnerable to subdomain takeovers

In my Report I was able to ByPass the DNS Confirmation and made the subdomain connect direct to my new DNS 

Subdomain Takeover via HubSpot Finger Print 



Share This
Previous Post
Next Post

Security Researcher at Many Websites - Bug Hunter - Civil Engineer Student