MoinQ:

DNS/hijacking/事例/starbucksについて、ここに記述してください。

Subdomain Takeover: Starbucks points to Azure https://0xpatrik.com/subdomain-takeover-starbucks/

This post is the write-up about bug bounty report that I reported back in March 2018 to Starbucks.

Although I have written about subdomain takeover in multiple posts, this case was somehow different.

HackerOne Report

The domain in question was svcgatewayus.starbucks.com.

I realized that I have never talked about Microsoft Azure as a potential vector for subdomain takeover.


I have to say that I find the Azure portal very messy.