Top 10 Subdomain Takeover Reports

Hey Guys, it's KRiPPto99, back again. In today's blog I'm going to show you the top 10 bug bounty reports for this bug class, but first let's learn the basics.

What is a Subdomain Takeover Attack?

A subdomain takeover vulnerability occurs when an attacker hijacks a subdomain of the victim's site. Once the attacker has taken over the subdomain, they control whatever that subdomain serves, so from the attacker's perspective it is their site.

How do Subdomain Takeovers work?

A subdomain takeover happens when an outsider gains control of the IP addresses or URLs that an A record or a CNAME record points to. A common example of this vulnerability involves the website hosting platform Heroku. In a typical workflow, a website developer creates a new application and hosts it on Heroku. Then the developer creates a CNAME record for a subdomain of their main website and points that subdomain at Heroku. Here's a theoretical example of where this scenario can go wrong:

1. Example Company registers an account on the Heroku platform and doesn't use SSL.

2. Heroku assigns Example Company the subdomain unicorn457.herokuapp.com for its new application.

3. Example Company creates a CNAME record with its DNS provider pointing the subdomain test..com to unicorn457.herokuapp.com.

4. After a few months, Example Company decides to get rid of its test..com subdomain. It closes its Heroku account and deletes the site content from its servers. However, it doesn't delete the CNAME record.

5. A malicious person notices the CNAME record pointing to an unregistered URL on Heroku and claims the domain unicorn457.herokuapp.com.
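The defender-side check that catches step 4 before step 5 happens is a zone audit for dangling CNAMEs. The Python below is an added example, not code from the original post: it walks a constructed DNS zone export and flags any CNAME whose target either no longer resolves or answers with the provider's "unclaimed resource" page. The zone records, resolver answers, HTTP bodies and provider fingerprints are all constructed or assumed for illustration.

```python
from typing import Callable, Dict, Optional, Tuple

# Constructed DNS zone export: subdomain -> (record type, target). Not real data.
ZONE: Dict[str, Tuple[str, str]] = {
    "www.example.com": ("A", "203.0.113.10"),
    "blog.example.com": ("CNAME", "active-app.herokuapp.com"),
    "test.example.com": ("CNAME", "unicorn457.herokuapp.com"),  # steps 3-4: app deleted, CNAME kept
    "old.example.com": ("CNAME", "app-42.retired-paas.example.net"),  # constructed: host gone entirely
}
# Constructed stand-ins for live DNS lookups and HTTP GETs against CNAME targets;
# a real audit swaps these for real queries (e.g. dnspython + requests).
RESOLVES: Dict[str, bool] = {
    "active-app.herokuapp.com": True,
    "unicorn457.herokuapp.com": True,  # provider wildcard still answers for deleted apps
    "app-42.retired-paas.example.net": False,
}
HTTP_BODY: Dict[str, str] = {
    "active-app.herokuapp.com": "<h1>Welcome to Example Company</h1>",
    "unicorn457.herokuapp.com": "<h1>No such app</h1>",
}
# Assumed per-provider "nobody owns this resource" page markers (by target suffix);
# verify against the provider's current behaviour before relying on them.
FINGERPRINTS: Dict[str, str] = {"herokuapp.com": "No such app", "s3.amazonaws.com": "NoSuchBucket"}


def classify(rtype: str, target: str, resolves: Callable[[str], bool],
             fetch: Callable[[str], Optional[str]]) -> str:
    """Return 'ok', 'dangling-nxdomain' or 'dangling-unclaimed' for one record."""
    if rtype != "CNAME":
        return "ok"  # A records to addresses the organisation still owns are out of scope here
    if not resolves(target):
        return "dangling-nxdomain"  # the target name no longer exists at all
    body = fetch(target) or ""
    for suffix, marker in FINGERPRINTS.items():
        if target.endswith(suffix) and marker in body:
            return "dangling-unclaimed"  # provider reports the resource as free to register
    return "ok"


def audit(zone: Dict[str, Tuple[str, str]], resolves, fetch) -> Dict[str, str]:
    """Classify every record in the zone; anything not 'ok' needs its CNAME removed."""
    return {name: classify(rtype, target, resolves, fetch) for name, (rtype, target) in zone.items()}


def demo_audit() -> Dict[str, str]:
    return audit(ZONE, lambda host: RESOLVES.get(host, False), HTTP_BODY.get)


if __name__ == "__main__":
    for name, verdict in demo_audit().items():
        print(f"{verdict:19} {name}")
```

Running this over the constructed zone reports test.example.com as dangling-unclaimed and old.example.com as dangling-nxdomain; both are records to delete, which is exactly the cleanup step Example Company skipped.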


Top 10 Reports

#1 

Title: Multiple Subdomain takeovers via unclaimed instances

Company: Starbucks

Bounty: $8,000

Link: https://hackerone.com/reports/276269

#2

Title: Authentication bypass on auth.uber.com via subdomain takeover of saostatic.uber.com

Company: Uber

Bounty: $5,000

Link: https://hackerone.com/reports/219205

#3

Title: Subdomain takeover on svcgatewaydevus.starbucks.com and svcgatewayloadus.starbucks.com

Company: Starbucks

Bounty: $4,000

Link: https://hackerone.com/reports/383564

#4

Title: Subdomain takeover on http://fastly.sc-cdn.net/

Company: Snapchat

Bounty: $3,000

Link: https://hackerone.com/reports/154425

#5

Title: Subdomain Takeover to Authentication bypass

Company: Roblox

Bounty: $2,500

Link: https://hackerone.com/reports/335330

#6

Title: Subdomain takeover of translate.uber.com, de.uber.com and fr.uber.com

Company: Uber

Bounty: $2,250

Link: https://hackerone.com/reports/149679

#7

Title: Subdomain takeover of mydailydev.starbucks.com

Company: Starbucks

Bounty: $2,000

Link: https://hackerone.com/reports/570651

#8

Title: Subdomain takeover of d02–1-ag.productioncontroller.starbucks.com

Company: Starbucks

Bounty: $2,000

Link: https://hackerone.com/reports/661751

#9

Title: Subdomain takeover on happymondays.starbucks.com due to non-used AWS S3 DNS record

Company: Starbucks

Bounty: $2,000

Link: https://hackerone.com/reports/186766

#10

Title: Subdomain takeover on svcgatewayus.starbucks.com

Company: Starbucks

Bounty: $2,000

Link: https://hackerone.com/reports/325336

That’s It For Today Guys Siiiyaaaaaaaaa