Subdomain Takeover

Summary

Subdomain Takeover is the risk that an attacker gains control over a subdomain because of misconfigured DNS records or abandoned third-party services.

Description

A Subdomain Takeover vulnerability occurs when a subdomain points to a third-party service (such as a cloud service) that has been removed or deleted while the DNS record remains in place. An attacker can then register the third-party service in their own name and effectively take control of the subdomain. Attacker control over an organizational domain can lead to malicious content being served, data theft, and reputational damage.

Remediations

  • Regularly audit and verify the ownership of third-party services linked to your subdomains.
  • Remove DNS entries for services that are no longer in use.
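One way to run the audit described in the remediations above, as an added example that is not part of the original page: it parses CNAME records from a zone export and flags those pointing at third-party targets that are missing from an ownership inventory or no longer resolve. The zone data, the inventory, and all function names are constructed for illustration.

```python
import socket

# Constructed sample zone export (not from the original page).
SAMPLE_ZONE = """\
www.example.com.     300 IN CNAME example.com.
shop.example.com.    300 IN CNAME store-1234.shop-provider.example.net.
docs.example.com.    300 IN CNAME old-docs.pages-provider.example.net.
status.example.com.  300 IN CNAME acme.status-provider.example.org.
promo.example.com.   300 IN A     192.0.2.10
"""

# Hypothetical inventory of third-party resources the organization still owns.
OWNED_RESOURCES = {"store-1234.shop-provider.example.net",
                   "acme.status-provider.example.org"}


def parse_cnames(zone_text):
    """Return (name, target) pairs for every CNAME record in the zone text."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) >= 5 and fields[3].upper() == "CNAME":
            records.append((fields[0].rstrip(".").lower(),
                            fields[4].rstrip(".").lower()))
    return records


def system_resolves(host):
    """Default check: True if the host currently resolves via the system resolver."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False


def audit_zone(zone_text, own_domain, owned, resolves=system_resolves):
    """Flag CNAMEs that leave own_domain for unverified or dead targets."""
    findings = []
    for name, target in parse_cnames(zone_text):
        if target == own_domain or target.endswith("." + own_domain):
            continue  # internal target, not a third-party service
        if target not in owned:
            findings.append((name, target, "not in inventory: verify ownership or remove"))
        elif not resolves(target):
            findings.append((name, target, "target does not resolve: remove record"))
    return findings
```

The `resolves` parameter lets the audit run against a stub in tests or against a specific resolver in production; a target that still resolves is not proof of ownership, which is why the inventory check comes first.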

Anatomy

Usually precedes

  • Misconfigured CORS
  • Account Takeover
  • Cross Site Request Forgery (CSRF)
  • Cross Site Scripting (XSS) - Stored

Affected components

  • DNS Configuration
  • Web application subdomains
  • Session