Description
Hi Polymath Security Team,
I found that your website is suffering from a subdomain takeover: a subdomain points to Unbounce pages, but no such page is connected on the external server, which is very dangerous.
Steps to Takeover:
- Log in to Unbounce.
- Select the sub-account where you want to add your custom domain.
- Open the Domains tab from the side navigation bar.
- Click Add a Domain.
- Select the type of custom domain, either a root domain or a sub-domain.
- Enter your domain name.
- Add Domain to confirm.
This unused subdomain can be claimed by anyone and fully taken over.
An attacker can fully take over this subdomain and do whatever he wants. This can cause huge damage to the website's main domain as well as to the company.
Impact
This vulnerability is rated as severe due to the increased impact it can be escalated to.
I can escalate this issue to a more severe vulnerability where I can create an email address that acts as the admin or support team,
for example:
admin@go.polymath.network
support@go.polymath.network
I recommend removing the CNAME and DNS records connecting to it.
You can read about this sort of attack here: http://labs.detectify.com/post/109964122636/hostile-subdomain-takeover-using
Please consider my report to support my study.
Thank you,
Karl
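A defender-side check for the condition this report describes, added here as an example; it is not part of the original issue and not the reporter's or the project's code. It classifies a subdomain as dangling when its CNAME points at a third-party provider and that provider either no longer has the target hostname (NXDOMAIN) or answers with its "unclaimed page" banner. The Unbounce CNAME suffix and banner text, the `example.test` hostnames, and all DNS/HTTP records are assumptions constructed for the example so it runs offline; verify the fingerprint against a live, intentionally unclaimed hostname before relying on it.

```python
"""Dangling-CNAME check for the takeover condition described in the report.

A subdomain is a takeover candidate when it has a CNAME pointing at a
third-party SaaS host and that host is either gone (NXDOMAIN) or serves the
provider's "unclaimed page" response for this hostname. DNS and HTTP lookups
are injected callables, so the example runs offline against the constructed
records below; swap in real dnspython/requests lookups to use it for real.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Provider fingerprints. The Unbounce CNAME suffix and "not found" banner are
# assumptions for this example (commonly published fingerprints); confirm them
# against a live unclaimed test hostname before trusting a "claimed" verdict.
PROVIDER_FINGERPRINTS: Dict[str, Dict[str, str]] = {
    "unbounce": {
        "cname_suffix": ".unbouncepages.com",
        "body_marker": "The requested URL was not found on this server",
    },
}

# resolve(name, rtype) -> list of records ([] if the name exists but has no
# record of that type), or None when the name does not exist (NXDOMAIN).
Resolver = Callable[[str, str], Optional[List[str]]]
# fetch(hostname) -> response body, or None if nothing answers.
Fetcher = Callable[[str], Optional[str]]

REMEDIATION = "remove the CNAME or re-claim the hostname at the provider"


@dataclass
class Finding:
    subdomain: str
    cname: Optional[str]
    provider: Optional[str]
    status: str  # "no_cname" | "not_third_party" | "dangling" | "claimed"
    action: str


def check_subdomain(subdomain: str, resolve: Resolver, fetch: Fetcher) -> Finding:
    """Classify one subdomain; "dangling" is the condition reported above."""
    records = resolve(subdomain, "CNAME")
    if not records:
        return Finding(subdomain, None, None, "no_cname", "nothing to do")
    target = records[0].rstrip(".").lower()
    provider = next(
        (p for p, fp in PROVIDER_FINGERPRINTS.items() if target.endswith(fp["cname_suffix"])),
        None,
    )
    if provider is None:
        return Finding(subdomain, target, None, "not_third_party", "review manually")
    # Case 1: the provider hostname itself no longer exists.
    if resolve(target, "A") is None:
        return Finding(subdomain, target, provider, "dangling", REMEDIATION)
    # Case 2: the hostname resolves, but the provider says nobody owns it.
    body = fetch(subdomain)
    if body is not None and PROVIDER_FINGERPRINTS[provider]["body_marker"] in body:
        return Finding(subdomain, target, provider, "dangling", REMEDIATION)
    return Finding(subdomain, target, provider, "claimed", "nothing to do")


def scan(subdomains: List[str], resolve: Resolver, fetch: Fetcher) -> List[Finding]:
    """Run the check over a list of names (e.g. from a zone export)."""
    return [check_subdomain(s, resolve, fetch) for s in subdomains]


# ---- constructed sample data (not real records) ----------------------------
CONSTRUCTED_DNS: Dict[Tuple[str, str], Optional[List[str]]] = {
    # CNAME still points at the provider, provider host is up, page unclaimed
    ("go.example.test", "CNAME"): ["go-example.unbouncepages.com."],
    ("go-example.unbouncepages.com", "A"): ["203.0.113.10"],
    # same shape, but the provider serves real content: claimed, not vulnerable
    ("blog.example.test", "CNAME"): ["blog-example.unbouncepages.com."],
    ("blog-example.unbouncepages.com", "A"): ["203.0.113.10"],
    # provider hostname deleted entirely (NXDOMAIN on the target)
    ("old.example.test", "CNAME"): ["old-example.unbouncepages.com."],
    ("old-example.unbouncepages.com", "A"): None,
    # ordinary host with no CNAME at all
    ("www.example.test", "CNAME"): [],
}
CONSTRUCTED_HTTP: Dict[str, Optional[str]] = {
    "go.example.test": "<h1>The requested URL was not found on this server.</h1>",
    "blog.example.test": "<h1>Welcome to our product launch</h1>",
    "old.example.test": None,
}


def constructed_resolver(name: str, rtype: str) -> Optional[List[str]]:
    # Anything not in the constructed zone is treated as NXDOMAIN.
    return CONSTRUCTED_DNS.get((name.lower(), rtype), None)


def constructed_fetcher(host: str) -> Optional[str]:
    return CONSTRUCTED_HTTP.get(host.lower())


if __name__ == "__main__":
    names = ["go.example.test", "blog.example.test", "old.example.test", "www.example.test"]
    for f in scan(names, constructed_resolver, constructed_fetcher):
        print(f"{f.subdomain:20} {f.status:16} {f.action}")
```

The two "dangling" branches matter in practice: a CNAME whose target still resolves is the one scanners that only test for NXDOMAIN miss, and it is exactly the Unbounce situation the report describes. Treat "claimed" as provisional, since it rests on the banner string not matching; a changed provider error page silently turns dangling hosts into false negatives.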