Subdomain Takeover via Wufoo Service in a Private Program

Program : Private Program on HackerOne
Bug Type : Subdomain Takeover
Service : WUFOO
Severity : Medium (because it redirects)
Reward : 500$
Subdomain :

Wufoo's HTML form builder helps you create online web forms. Use our web form creator to power your contact forms, online surveys, and event registrations.

Steps and how I found this bug

When I went directly to the subdomain, it redirected me to another subdomain and showed me this error.

First I noticed "Profile Not found", so I searched about Wufoo to see what it does.

1) When you create a free profile on Wufoo, they give you a subdomain for your profile.

2) You can change it later, so I changed it to the subdomain's CNAME, which was not found.

3) Created a form to provide more PoC.

4) This PoC seems to be enough. If you want to add a page or JavaScript code, you will have to upgrade your free account.
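For the owner of the zone, the same condition can be audited before anyone else claims the name. The following is an added example, not code from the original write-up: it parses a constructed BIND-style zone export for the hypothetical domain example.com, picks out CNAME records pointing at Wufoo, and flags those whose target page carries the "Profile Not found" text mentioned above. The `<name>.wufoo.com` suffix, the exact marker wording, and the sample hosts and page bodies are assumptions.

```python
import re

MARKER = "profile not found"   # text from the write-up; exact page wording is assumed
WUFOO_SUFFIX = ".wufoo.com"    # assumption: profiles are served at <name>.wufoo.com

# Constructed zone export for the hypothetical domain example.com.
SAMPLE_ZONE = """\
$ORIGIN example.com.
www      3600 IN A     192.0.2.10
forms    3600 IN CNAME acme-forms.wufoo.com.
survey   3600 IN CNAME acme-old.wufoo.com.   ; profile was renamed later
blog     3600 IN CNAME acme.example.net.
"""

# Constructed response bodies standing in for live HTTP fetches of each target.
SAMPLE_PAGES = {
    "acme-forms.wufoo.com": "<html><title>Acme forms</title></html>",
    "acme-old.wufoo.com": "<html><h1>Profile Not Found</h1></html>",
}

CNAME_RE = re.compile(r"(\S+)\s+(?:\d+\s+)?(?:IN\s+)?CNAME\s+(\S+)$", re.I)

def wufoo_cnames(zone_text):
    """Return [(fqdn, target)] for every CNAME record that points at Wufoo."""
    origin, found = "", []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop zone-file comments
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".").lower()
            continue
        m = CNAME_RE.match(line)
        if not m:
            continue
        name, target = m.group(1).lower(), m.group(2).rstrip(".").lower()
        if name == "@":
            fqdn = origin
        elif name.endswith("."):
            fqdn = name.rstrip(".")
        else:
            fqdn = f"{name}.{origin}"
        if target.endswith(WUFOO_SUFFIX):
            found.append((fqdn, target))
    return found

def audit(zone_text, fetch):
    """fetch(host) returns the page body or None; yields (fqdn, target, status)."""
    results = []
    for fqdn, target in wufoo_cnames(zone_text):
        body = fetch(target)
        status = "unknown" if body is None else (
            "dangling" if MARKER in body.lower() else "ok")
        results.append((fqdn, target, status))
    return results
```

Records reported as `dangling` should have the CNAME removed or the Wufoo profile name reclaimed; in real use `fetch` would be replaced by an HTTP client call against each target.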

