HITH Blog – Hackerinthehouse
    Top 10 Subdomain Takeover Reports

By KRiPPto99 | November 6, 2022 (Updated: November 6, 2022) | 2 Mins Read

Hey guys, it's KRiPPto99 back again. In today's blog I'm going to show you the top 10 bug bounty reports for subdomain takeover, but first let's learn the basics.

What is a Subdomain Takeover Attack?

A subdomain takeover vulnerability occurs when an attacker is able to hijack a subdomain of the victim's site, usually because a DNS record for that subdomain still points at an external resource the victim no longer controls. Once the attacker controls the subdomain, they can serve whatever they like under the victim's domain name: phishing pages, scripts that run in the parent domain's origin context, or content that inherits the trust users and other applications place in that domain.

How do Subdomain Takeovers work?

A subdomain takeover happens when an attacker gains control of the IP address or hostname that an A record or a CNAME record points to. A common example involves the hosting platform Heroku. In a typical workflow, a developer creates a new application and hosts it on Heroku, then creates a CNAME record for a subdomain of the company's main site and points that subdomain at Heroku. Here is a theoretical example of how this can go wrong:

1. Example Company registers an account on the Heroku platform and doesn't use SSL.

2. Heroku assigns Example Company the subdomain unicorn457.herokuapp.com for its new application.

3. Example Company creates a CNAME record with its DNS provider pointing a test subdomain of its main site to unicorn457.herokuapp.com.

4. After a few months, Example Company decides to get rid of the test subdomain. It closes its Heroku account and deletes the site content from its servers, but it doesn't delete the CNAME record.

5. A malicious person notices the CNAME record pointing to an unregistered application name on Heroku and claims unicorn457.herokuapp.com for themselves. Because the victim's DNS still points there, anyone visiting the test subdomain is now served the attacker's content under Example Company's domain.
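The steps above are the pattern a hunter checks for: follow the CNAME chain, see whether the last hop belongs to a claimable provider, and then test whether that hop is gone (NXDOMAIN) or still answers with the provider's "unclaimed" page. The script below is an added example written for this post, not code from the original author; the subdomain names (test.example.com and friends), the sample zone data and the provider fingerprint strings are all constructed assumptions, and the live adapters simply shell out to `dig` and fetch the page with urllib. It generalises the Heroku case to any provider in the fingerprint table and to multi-hop CNAME chains.

```python
"""Dangling-CNAME check for the Heroku scenario above, generalised to any
claimable third-party host.  Added example; resolver and HTTP access are
injected so the built-in sample runs offline.  Live adapters for dig/urllib
are at the bottom for real use against names you are authorised to test.
"""
import subprocess
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Optional

# Claimable provider suffixes and the body text each returns for a name that
# nobody has claimed.  Illustrative assumptions, not a maintained signature
# list: re-verify a fingerprint against the provider before acting on it.
FINGERPRINTS = {
    "herokuapp.com": "No such app",
    "s3.amazonaws.com": "NoSuchBucket",
    "github.io": "There isn't a GitHub Pages site here",
}


@dataclass
class Finding:
    subdomain: str
    target: str   # last hop of the CNAME chain
    reason: str   # "nxdomain" or "fingerprint:<provider suffix>"


def resolve_chain(name: str, cname_lookup: Callable[[str], Optional[str]],
                  max_hops: int = 8) -> str:
    """Follow CNAMEs from `name` and return the final hostname.
    `cname_lookup(name)` returns the CNAME target, or None if there is none."""
    cur = name.rstrip(".").lower()
    for _ in range(max_hops):              # bounded so a CNAME loop cannot spin forever
        nxt = cname_lookup(cur)
        if nxt is None:
            return cur
        cur = nxt.rstrip(".").lower()
    return cur


def provider_for(host: str) -> Optional[str]:
    """Return the fingerprint-table suffix that `host` falls under, if any."""
    for suffix in FINGERPRINTS:
        if host == suffix or host.endswith("." + suffix):
            return suffix
    return None


def check_subdomain(sub: str,
                    cname_lookup: Callable[[str], Optional[str]],
                    host_exists: Callable[[str], bool],
                    fetch_body: Callable[[str], Optional[str]]) -> Optional[Finding]:
    """Return a Finding if `sub` looks claimable, else None."""
    target = resolve_chain(sub, cname_lookup)
    if target == sub.rstrip(".").lower():
        return None      # no CNAME at all; A-record cases need an IP ownership check instead
    provider = provider_for(target)
    if provider is None:
        return None      # unknown target: NXDOMAIN alone is not a takeover, review by hand
    if not host_exists(target):
        return Finding(sub, target, "nxdomain")
    body = fetch_body(sub) or ""   # wildcard providers (Heroku, S3) still resolve when unclaimed
    if FINGERPRINTS[provider] in body:
        return Finding(sub, target, f"fingerprint:{provider}")
    return None


# --- Constructed sample data (assumptions, not a real zone) -------------------
SAMPLE_SCOPE = ["test.example.com", "static.example.com", "www.example.com", "old.example.com"]
SAMPLE_CNAMES = {
    "test.example.com": "unicorn457.herokuapp.com.",   # the post's scenario, app deleted
    "static.example.com": "cdn.example.net.",          # two-hop chain
    "cdn.example.net": "assets.s3.amazonaws.com.",
    "www.example.com": "example-prod.herokuapp.com.",  # healthy, still claimed
    "old.example.com": "oldsite.azurewebsites.net.",   # provider not in the table
}
SAMPLE_EXISTS = {"assets.s3.amazonaws.com": False, "oldsite.azurewebsites.net": False}
SAMPLE_BODIES = {"test.example.com": "<h1>No such app</h1>", "www.example.com": "<h1>Welcome</h1>"}


def run_sample() -> list:
    """Run the check over the constructed zone; returns only the findings."""
    results = (check_subdomain(s, SAMPLE_CNAMES.get,
                               lambda h: SAMPLE_EXISTS.get(h, True),
                               SAMPLE_BODIES.get) for s in SAMPLE_SCOPE)
    return [f for f in results if f]


# --- Live adapters (network required; use only on names you may test) --------
def dig_cname(name: str) -> Optional[str]:
    out = subprocess.run(["dig", "+short", "CNAME", name], capture_output=True, text=True).stdout
    return out.split()[0] if out.strip() else None


def dig_exists(host: str) -> bool:
    return bool(subprocess.run(["dig", "+short", host], capture_output=True, text=True).stdout.strip())


def http_body(sub: str) -> Optional[str]:
    try:
        with urllib.request.urlopen(f"http://{sub}/", timeout=10) as r:
            return r.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:   # a 404 "No such app" page is still evidence
        return e.read(4096).decode("utf-8", "replace")
    except Exception:
        return None


if __name__ == "__main__":
    import sys
    live = [check_subdomain(s, dig_cname, dig_exists, http_body) for s in sys.argv[1:]]
    for f in [x for x in live if x] or run_sample():
        print(f"{f.subdomain} -> {f.target} [{f.reason}]")
```

Run it with no arguments to see the constructed sample flagged (test.example.com by fingerprint, static.example.com by NXDOMAIN at the end of its chain), or pass subdomains on the command line to query live DNS. Two caveats worth keeping in mind: a dangling record pointing at a provider that does not let strangers register arbitrary names is a hygiene issue, not a takeover, which is why unknown targets are deliberately skipped; and the only real proof is claiming the resource yourself, so do that only inside a program's scope and with a harmless placeholder page.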

    Top 10 Reports

    #1 

    Title: Multiple Subdomain takeovers via unclaimed instances

    Company: Starbucks

    Bounty: $8,000

    Link: https://hackerone.com/reports/276269

    #2

    Title: Authentication bypass on auth.uber.com via subdomain takeover of saostatic.uber.com

    Company: Uber

    Bounty: $5,000

    Link: https://hackerone.com/reports/219205

    #3

    Title: Subdomain takeover on svcgatewaydevus.starbucks.com and svcgatewayloadus.starbucks.com

    Company: Starbucks

    Bounty: $4,000

    Link: https://hackerone.com/reports/383564

    #4

    Title: Subdomain takeover on http://fastly.sc-cdn.net/

    Company: Snapchat

    Bounty: $3,000

    Link: https://hackerone.com/reports/154425

    #5

    Title: Subdomain Takeover to Authentication bypass

    Company: Roblox

    Bounty: $2,500

    Link: https://hackerone.com/reports/335330

    #6

    Title: Subdomain takeover of translate.uber.com, de.uber.com and fr.uber.com

    Company: Uber

    Bounty: $2,250

    Link: https://hackerone.com/reports/149679

    #7

    Title: Subdomain takeover of mydailydev.starbucks.com

    Company: Starbucks

    Bounty: $2,000

    Link: https://hackerone.com/reports/570651

    #8

    Title: Subdomain takeover of d02–1-ag.productioncontroller.starbucks.com

    Company: Starbucks

    Bounty: $2,000

    Link: https://hackerone.com/reports/661751

    #9

    Title: Subdomain takeover on happymondays.starbucks.com due to non-used AWS S3 DNS record

    Company: Starbucks

    Bounty: $2,000

    Link: https://hackerone.com/reports/186766

    #10

    Title: Subdomain takeover on svcgatewayus.starbucks.com

    Company: Starbucks

    Bounty: $2,000

    Link: https://hackerone.com/reports/325336

That's it for today, guys. See ya!
