Apr 13, 2019

[ Special Case ] HerokuDNS Is Still Vulnerable to Subdomain Takeovers ( Live PoC )




Today I will share a new finding about subdomain takeovers via HerokuDNS [ edge case ].

Many blogs say you can't take over a subdomain through herokudns any more, because Heroku now uses a random CNAME generator.

In this post I will explain how I was able to take over this domain and add it to the Custom Domains list on my Heroku dashboard.
-----------------------------------------------
Explanation, simply:
1) You see a page like the one in this picture, whose title shows "No Such App"


2) Now look at the DNS records of the subdomain and check whether they look like this ( IPs )

3) You can add it directly to your Heroku account, to any app, as a custom domain.
Yes, when you add it you will get a random CNAME, like what happened when I added dns-scratch.me to my account.



4) The domain or subdomain is now connected.
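For the owner of a zone, the conditions in steps 1 and 2 can be checked across your own records before anyone else notices them: flag every host whose page title is "No such app" and record whether it is pinned by IP (the case in this post) or by CNAME. This is an added example, not code from the original post; the zone lines, hostnames and saved HTML are constructed samples, and the function names are hypothetical.

```python
from html.parser import HTMLParser

# Constructed sample: records exported from a zone you own (not real data).
ZONE = """\
shop.example.test.  300 IN A     192.0.2.10
blog.example.test.  300 IN CNAME constructed-target.herokudns.com.
www.example.test.   300 IN A     198.51.100.7
"""
# Constructed sample: HTML body saved when each host was fetched over HTTP.
PAGES = {
    "shop.example.test": "<html><head><title>No such app</title></head></html>",
    "blog.example.test": "<html><head><title>Team blog</title></head></html>",
    "www.example.test": "<html><head><title>Welcome</title></head></html>",
}

class _Title(HTMLParser):
    """Collects the text found inside <title>."""
    def __init__(self):
        super().__init__()
        self.inside, self.text = False, ""
    def handle_starttag(self, tag, attrs):
        self.inside = tag == "title"
    def handle_endtag(self, tag):
        self.inside = False
    def handle_data(self, data):
        if self.inside:
            self.text += data

def page_title(html):
    parser = _Title()
    parser.feed(html)
    return parser.text.strip()

def parse_zone(text):
    """Yield (host, type, value) for A and CNAME lines: name ttl IN type value."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[2] == "IN" and f[3] in ("A", "CNAME"):
            yield f[0].rstrip(".").lower(), f[3], f[4].rstrip(".").lower()

def audit(zone_text, pages):
    """Return hosts that serve the "No such app" title, i.e. no app claims them."""
    findings = []
    for host, rtype, value in parse_zone(zone_text):
        if "no such app" in page_title(pages.get(host, "")).lower():
            # An A record is the edge case from this post: IPs, not a CNAME target.
            findings.append((host, "ip" if rtype == "A" else "cname", value))
    return findings
```

Any host `audit` returns should have its DNS record removed or be re-attached to an app you control.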



---------------------------------------------------------


Security Researcher at Many Websites - Bug Hunter - Civil Engineer Student
