1. Subdomain_takeover
| /Microsoft /bounty |
Contents
A Guide To Subdomain Takeovers
- Hacker Resources
https://www.hackerone.com/blog/Guide-Subdomain-Takeovers
Subdomain Takeover 概観 https://diary.shift-js.info/subdomain-takeover/
Cristian Cornea Mar 16, 2022 · Top 25 Subdomain Takeover Bug Bounty Reports https://corneacristian.medium.com/top-25-subdomain-takeover-bug-bounty-reports-f6e386ba4413
Fastly Subdomain Takeover $2000 Bug Bounty — From zero to HERO https://infosecwriteups.com/fastly-subdomain-takeover-2000-217bb180730f
https://github.com/EdOverflow/can-i-take-over-xyz/blob/master/README.md
EdOverflow/can-i-take-over-xyz
Can I take over XYZ?
- A list of services and how to claim (sub)domains with dangling DNS records.
What is a subdomain takeover?
Subdomain takeover vulnerabilities occur when a subdomain (subdomain.example.com) is pointing to a service (e.g. GitHub pages, Heroku, etc.) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that subdomain. For example, if subdomain.example.com was pointing to a GitHub page and the user decided to delete their GitHub page, an attacker can now create a GitHub page, add a CNAME file containing subdomain.example.com, and claim subdomain.example.com.
危ないサービスのリストが続いている。