[ Special Case ] HerkoKuDns is Still vulnerable to Subdomain Takeovers ( Live PoC )

Today I will Share a New Found about 
Subdomain Takeovers
Via HeroKuDNS 
[ Edge Case ]

Many Blogs says You can't takeover from herokudns any more 
because now they use a Random cname generator 

In this blog I will explain How could I takeover this Domain 
And Adding it to my Custom Domains List on my heroku dashboard
1) if you see the this pic 
which Show you in Title " No Such App "

2) Now Go to see DNS of the Subdomain 
if you found it like this ( IPS) 

3) You can Add it Directly to your Heroku Account to any App as a Custom domain 
Yes When You add it you will get a Random Cname Like what happen when I added dns-scratch.me to my account 

4)  Domain or Subdomain is now Connected 



Post a Comment


  1. Incase you want to recon subdomains I have intergrate 5 best tools including the famous nmap's dns-brute