Just Say WelcomeComing Soon
DescriptionSubdomain takeover vulnerabilities occur when a subdomain (subdomain.example.com) is pointing to a service (e.g. GitHub pages, Heroku, etc.) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that subdomain. For example, if subdomain.example.com was pointing to a GitHub page and the user decided to delete their GitHub page, an attacker can now create a GitHub page, add a CNAME file containing subdomain.example.com, and claim subdomain.example.com.
Security ImpactA successful subdomain takeover enables an attacker to serve content on the subdomain. If the subdomain is a child domain of the service’s basename, then the attacker can read and set cookies on the basename too – subdomain.example.com can set cookies for example.com.
RemediationMake sure to remove the DNS entry on the subdomain pointing to the deleted service to ensure that nobody can take it over.
contact me if you have any question.
best regards, Ogata Rina