How I Found a Subdomain Takeover Bug and Earned a $500 Bounty

1 month ago 28
BOOK THIS SPACE FOR AD
ARTICLE AD

A subdomain takeover occurs when a subdomain is pointing to an external service or website that no longer exists, has expired, or is available for someone else to claim. This can lead to serious consequences, as attackers could take control of the subdomain and use it for malicious purposes like phishing or serving malware.

1. Gathering Subdomains with Subfinder

To start, I used Subfinder, an open-source tool for finding subdomains. Subfinder generated a list of subdomains, which gave me potential targets for further investigation.

2. Scanning for Open Ports

Next, I used port scanning tools to identify open ports on the discovered subdomains. Specifically, I was looking for unusual ports that might reveal interesting services or applications running on those subdomains.

During the scan, I found one subdomain with port 33703 open.

3. Uncovering the Vulnerability

Upon visiting the subdomain on port 33703, I noticed it was redirecting to an external website. Curiosity led me to inspect the destination further, and to my surprise, the external domain was available for purchase!

Read Entire Article