Subdomain takeover due to misconfigured project settings for Custom domain

Prial Islam Khan
Oct 25, 2018 · 3 min read

Hi readers,

Today I will write about subdomain takeover. It's a common security issue that is actually a developer's mistake: they leave an unused/unclaimed third-party service DNS CNAME record on one of their subdomains, and hackers can claim those subdomains with the help of the external service it points to, which could lead to serious issues. You can learn more about subdomain takeover from the Detectify blog.

While testing I got a domain that is under the Flock company. So I started looking at its subdomains and got subdomain . When I visited the subdomain in the browser I got an error like the screenshot below:

Error Page

This caught my attention. So I checked the DNS record for this domain.

R3liGiOus_HuNt3r$ dig
; <<>> DiG 9.10.6 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13182
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags:; udp: 512
; IN A
;; Query time: 69 msec
;; WHEN: Mon Jul 09 04:58:06 +06 2018
;; MSG SIZE rcvd: 175

From the above record we can say the subdomain is pointing to CNAME . So I started looking at the custom domain documentation on website to understand how it works. From their documentation I understood that:

  • You need a subdomain pointing to your subdomain [] .
  • Your subdomain should be configured in domains settings in following page<project

So to take it over I needed to check if is already claimed or not. Unfortunately it was already claimed :( . But I have seen that many such services don't force users to verify their ownership of domains by using the same CNAME TXT record like their service subdomain. So there's still hope.

I opened an account in and I got a subdomain . Then I went to domains settings, used as the value in the Custom Domain field, and saved the changes.

Now when I visited it redirected me to this page, which is now saying Not Yet Active.

See page title ;)

This is showing because I am using a trial account. In the webpage title you will see the project name that I used while creating the project. So now this domain is serving my content from project page.

How to avoid such issues? Always keep your DNS records up to date. Remove CNAME or any other DNS records that are not in use.
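
One way to apply the advice above, as an added example that is not part of the original post: a small Python audit that reads a zone export and lists CNAME records pointing outside your zone whose hostname is no longer in your inventory of live services. The zone, the host names and the inventory are constructed sample data, and the parser assumes every record line starts with an explicit owner name.

```python
# Added example: audit a zone export for external CNAMEs that nothing uses anymore.
# All names below (example.com, saas-provider.example, ...) are constructed.

ZONE = """\
$ORIGIN example.com.
$TTL 3600
www      IN CNAME app.example.com.
docs     300 IN CNAME tenant-a.saas-provider.example.  ; project still live
support  IN CNAME old-tenant.saas-provider.example.    ; project retired
status   CNAME pages.hosting.example.
mail     IN A 192.0.2.10
"""
IN_USE = ["docs.example.com", "www.example.com"]  # hosts with a live owner


def parse_cnames(zone_text, origin):
    """Return (owner, target) pairs for CNAME records; owners must be explicit."""
    origin = origin.rstrip(".").lower()

    def fqdn(name):
        name = name.lower()
        if name == "@":
            return origin
        return name[:-1] if name.endswith(".") else f"{name}.{origin}"

    pairs = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, tokenize
        types = [f.upper() for f in fields]
        if not fields or fields[0].startswith("$") or "CNAME" not in types[1:-1]:
            continue
        target = fields[types.index("CNAME", 1) + 1]
        pairs.append((fqdn(fields[0]), fqdn(target)))
    return pairs


def unused_external_cnames(zone_text, origin, in_use):
    """CNAMEs that leave the zone and whose owner is not in the in-use inventory."""
    zone = origin.rstrip(".").lower()
    active = {h.rstrip(".").lower() for h in in_use}
    return [
        (owner, target)
        for owner, target in parse_cnames(zone_text, origin)
        if target != zone and not target.endswith("." + zone) and owner not in active
    ]


if __name__ == "__main__":
    for owner, target in unused_external_cnames(ZONE, "example.com.", IN_USE):
        print(f"REVIEW/REMOVE  {owner} -> {target}")
```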

If you find a security vulnerability feel free to contact them via

Thanks for reading. You can find me on Facebook anytime:

Prial Islam Khan


InfoSec Write-ups
