1. Subdomain_takeover

/bounty

A Guide To Subdomain Takeovers

https://www.hackerone.com/blog/Guide-Subdomain-Takeovers

Subdomain Takeover 概観 https://diary.shift-js.info/subdomain-takeover/

Cristian Cornea Mar 16, 2022 · Top 25 Subdomain Takeover Bug Bounty Reports https://corneacristian.medium.com/top-25-subdomain-takeover-bug-bounty-reports-f6e386ba4413

Fastly Subdomain Takeover $2000 Bug Bounty — From zero to HERO https://infosecwriteups.com/fastly-subdomain-takeover-2000-217bb180730f


https://github.com/EdOverflow/can-i-take-over-xyz/blob/master/README.md

EdOverflow/can-i-take-over-xyz

Can I take over XYZ?

What is a subdomain takeover?

Subdomain takeover vulnerabilities occur when a subdomain (subdomain.example.com) is pointing to a service (e.g. GitHub pages, Heroku, etc.) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that subdomain. For example, if subdomain.example.com was pointing to a GitHub page and the user decided to delete their GitHub page, an attacker can now create a GitHub page, add a CNAME file containing subdomain.example.com, and claim subdomain.example.com.

危ないサービスのリストが続いている。

MoinQ: Subdomain_takeover (last edited 2023-03-21 13:41:24 by ToshinoriMaeno)