SUBDOMAIN TAKEOVER

A subdomain takeover happens when an attacker oversees a subdomain of a target domain. Ordinarily, this happens when the subdomain has a canonical name (CNAME) in the Domain Name System (DNS), yet no host is giving substance to it.

What is a Subdomain Takeover?

Subdomain takeover attackers are a class of safety issues where an attacker can hold onto control of an association's subdomain by means of cloud administrations like AWS or Purplish blue/Azure. They usually happen when web projects are finished yet the subdomain DNS passages are not completely closed down.

The most widely recognized situations which make a subdomain takeover possible are:

1) The CNAME record of the impacted subdomain focuses on a domain that can be guaranteed by an assailant/attacker.

2) The A record focuses on an IP address that can be enlisted by an assailant/attacker.

What is the purpose of subdomain takeover? | What is the impact/risk of subdomain takeover?

Bypassing CSRF protection
Access and Modify Cookies
Phishing
Leak of OAuth 2.0 Tokens
Bypass Content Security Policy
Abusing Over trusting CORS-Aware Servers

Below is the top list of subdomain takeover writeups.

If you want to submit your writeups in the list. Submit Here

Top 25+ Fastly Subdomain Takeover Writeups - Thebughacker

SUBDOMAIN TAKEOVER

What is a Subdomain Takeover?

The most widely recognized situations which make a subdomain takeover possible are:

What is the purpose of subdomain takeover? | What is the impact/risk of subdomain takeover?

Below is the top list of subdomain takeover writeups.

Top 50+ XSS Bug Bounty Writeups | Cross-Site Scripting(XSS) Attacks Reports

Understanding and Preventing Insecure Direct Object Reference (IDOR) Vulnerabilities in Web Applications

Bug Bounty Programs: Your Ultimate Guide To Rewards, Security, And FAQ

Contact Form