Subdomain Takeover: My $450 Win & How You Can Do It Too
Summary
A subdomain takeover occurs when a subdomain's DNS record still points to a third-party service that is either unclaimed or deleted.
This creates a vulnerability where an attacker could claim the resource behind the subdomain and host malicious content on it.
The attacker could then use the subdomain for phishing, impersonation, or hosting malware and distributing it under the organization's own name in the Domain Name System (DNS).
As examples, Ehtesham ul Haq discovered that Target had abandoned its sportsbook subdomain, which still pointed to Vercel, allowing ul Haq to claim the subdomain and point it at a phishing site.
Similarly, Shopify’s puncture subdomain, also pointing to Vercel, was abandoned, and attackers were able to hijack it.
These examples highlight the importance of ensuring that subdomains are properly managed and that checks are regularly carried out to confirm that third-party services are still in use.
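One way to run that regular check from the defender's side, as an added example that is not code from the original post: compare a DNS zone export against the organization's own inventory of domains still attached to a third-party project, and flag CNAME records with no matching claim. The hostnames, the provider suffix list and the inventory are constructed sample data, and the function names are hypothetical.

```python
# Added example: flag CNAMEs to third-party services that are missing from
# the organization's own inventory of claimed resources.

# Assumption: suffixes of third-party providers this organization uses.
THIRD_PARTY_SUFFIXES = {"vercel-dns.com": "Vercel"}

# Constructed zone export: (hostname, record type, target).
ZONE_RECORDS = [
    ("www.example.com", "CNAME", "cname.vercel-dns.com."),
    ("sportsbook.example.com", "CNAME", "cname.vercel-dns.com."),
    ("mail.example.com", "MX", "mx1.example.net."),
    ("docs.example.com", "CNAME", "Docs-Origin.Example.com."),
]

# Constructed inventory: custom domains still attached to a project
# in the organization's provider account.
CLAIMED_DOMAINS = {"Vercel": {"www.example.com"}}


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def provider_for(target):
    """Return the provider name if target sits under a known suffix."""
    target = normalize(target)
    for suffix, provider in THIRD_PARTY_SUFFIXES.items():
        # Match on a label boundary so "evilvercel-dns.com" is not accepted.
        if target == suffix or target.endswith("." + suffix):
            return provider
    return None


def find_dangling(records, claimed):
    """List (host, provider, target) for CNAMEs with no claimed resource."""
    findings = []
    for host, rtype, target in records:
        if rtype.upper() != "CNAME":
            continue
        provider = provider_for(target)
        if provider is None:
            continue  # points at our own infrastructure, not a third party
        owned = {normalize(d) for d in claimed.get(provider, set())}
        if normalize(host) not in owned:
            findings.append((normalize(host), provider, normalize(target)))
    return findings


if __name__ == "__main__":
    for host, provider, target in find_dangling(ZONE_RECORDS, CLAIMED_DOMAINS):
        print(f"DANGLING: {host} -> {target} ({provider}): remove or re-claim")
```

Each finding is a record to delete from the zone or a resource to re-attach in the provider account before the decommissioning is considered complete.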