Subdomain Takeover via - Mohamed Haron

Mohamed Haron

Nov 21, 2019

Subdomain Takeover via
was in a private program on Bugcrowd

What is dns?
It's a DNS service belonging to
If you create an account on Campaign Monitor,
this will give you a subdomain on

Companies count on Campaign Monitor for email campaigns,
so Campaign Monitor is only for emails.

Steps to subdomain takeover example
When I go to
I found the site looking like this picture:

I noticed that the subdomain
is an alias to

This means the domain plan has expired on Campaign Monitor
and is ready to be reactivated on another email.

1) So I created an account on
and chose any name.
By name here I mean an

2) After this, you only need to add the subdomain to take over
by going to

Then just choose a custom domain.

3) Add your vulnerable subdomain,
then click Next.
Wait 1 min and the setup will be verified.

Congrats 😉
4) Now when you go to
it will show your

The takeover steps are now finished.
Now when anyone goes to
it asks them to log in to Campaign Monitor.
Yes, as I said at first, Campaign Monitor is only for managing emails and subscribers.

Now, if you need to create a small page to show
you only need to create a subscribe page.

Go to this path:

You can upload your subscribe page or choose from the templates on the site.

An example like mine:

Reward was $900.
Fixed in 10 min from report.
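
A defensive check for the condition this post describes: a company subdomain still aliased to an email-provider hostname after the account behind it has lapsed. This is an added example, not code from the original post; `provider.example`, `corp.example`, the zone contents and the account list are constructed placeholders.

```python
# Added example; every name below is a constructed placeholder.
PROVIDER_SUFFIX = "provider.example"  # stands in for the email provider's domain
ACTIVE_ACCOUNTS = {"acme-news"}       # provider account names the company still holds
ZONE = """\
$ORIGIN corp.example.
www     300 IN A     192.0.2.10
news    300 IN CNAME acme-news.provider.example.
promo   300 IN CNAME acme-old.provider.example.
mail    300 IN CNAME mx1   ; relative target, stays inside the zone
offers      IN CNAME acme-2017.provider.example.  ; retired campaign
"""

def absolute(name, origin):
    """Expand a zone-file name to a lowercase FQDN without the trailing dot."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name[:-1]
    return f"{name}.{origin}" if origin else name

def parse_cnames(zone_text):
    """Return {owner: target} for every CNAME record in a zone-file export."""
    origin, last_owner, records = "", "", {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].startswith("$"):             # directives: only $ORIGIN matters here
            if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
                origin = fields[1].rstrip(".").lower()
            continue
        if line[0] in " \t":                      # leading blank: reuse previous owner
            owner, rdata = last_owner, fields
        else:
            owner, rdata = absolute(fields[0], origin), fields[1:]
        last_owner = owner
        types = [f.upper() for f in rdata]
        if "CNAME" in types and types.index("CNAME") + 1 < len(rdata):
            records[owner] = absolute(rdata[types.index("CNAME") + 1], origin)
    return records

def find_dangling(zone_text, provider_suffix, active_accounts):
    """List (owner, target) aliases to the provider with no active account behind them."""
    suffix = "." + provider_suffix.lower()
    return [(owner, target)
            for owner, target in sorted(parse_cnames(zone_text).items())
            if target.endswith(suffix) and target[:-len(suffix)] not in active_accounts]
```

Each pair returned by `find_dangling` is a record to delete from the zone or re-claim at the provider before the account name becomes available to someone else.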
