Hi! My name is Ali and i am security researcher from Pakistan.
In this article i will explain how i takeover a subdomain which is mapped on netlify. Netlify is platform for web developers to upload their web projects and showcase to world.Netlify allow web developers to add custom domain or subdomain to their projects.
So i was searching for sites on google using some my recent google dorks.I land to a page site.com/white_hat(i am not disclosing site due to some reasons,Don’t mind :D) and i saw their scope for testing. I just open findsubdomains.com and try to get some subdomains.
I saw a subdoamin which was like this hootsuite.site.com and while opening it is just showing “Not Found”
I just check the CNAME record of this subdomain because CNAME will tell you on which 3rd party site the subdomain is mapped.So i got this CNAME.
I register on netlify.com and upload the web project first.Then it ask me to add custom subdomain.
So I just add the subdomain and click on verify.
So on few clicks the subdomain was mine :D I fully takeover the site. I uploaded a screenshot on twitter :D
After 15 minutes of reporting i got reply from their CTO and he rewarded me 200$ for this takeover.
I hope you enjoyed this takeover and this will help you to understand how you can claim subdomain if this was not claimed before.
Thanks for reading.Keep Sharing and Happy Hunting!