LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

How I Found a Subdomain Takeover Bug and Earned a $500 Bounty

3 days ago 15
BOOK THIS SPACE FOR AD
ARTICLE AD

A subdomain takeover occurs when a subdomain is pointing to an external service or website that no longer exists, has expired, or is available for someone else to claim. This can lead to serious consequences, as attackers could take control of the subdomain and use it for malicious purposes like phishing or serving malware.

1. Gathering Subdomains with Subfinder

To start, I used Subfinder, an open-source tool for finding subdomains. Subfinder generated a list of subdomains, which gave me potential targets for further investigation.

2. Scanning for Open Ports

Next, I used port scanning tools to identify open ports on the discovered subdomains. Specifically, I was looking for unusual ports that might reveal interesting services or applications running on those subdomains.

During the scan, I found one subdomain with port 33703 open.

3. Uncovering the Vulnerability

Upon visiting the subdomain on port 33703, I noticed it was redirecting to an external website. Curiosity led me to inspect the destination further, and to my surprise, the external domain was available for purchase!

Read Entire Article
  3. How I Found a Subdomain Takeover Bug and Earned a $500 Bounty

Related

Single endpoint leads to two bounties!(400$)

Single endpoint leads to two bounties!(400$)

Breaking Boundaries: Discovering Session Invalidation Failures in User Roles

Breaking Boundaries: Discovering Session Invalidation Failures in User Roles

Google Warns of Samsung Zero-Day Exploited in the Wild

Google Warns of Samsung Zero-Day Exploited in the Wild

Critical Vulnerabilities Expose mbNET.mini and Helmholz Industrial Routers to Attacks

Critical Vulnerabilities Expose mbNET.mini and Helmholz Industrial Routers to Attacks

Ransomware Alert: Cicada3301 Emerges as Successor to BlackCat

Ransomware Alert: Cicada3301 Emerges as Successor to BlackCat

Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers

Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers

Trending

1. Arsenal vs Shakhtar Donetsk
2. Share market today
3. North Korean South Korea
4. Indian airlines bomb threats
5. Prithvi Shaw
6. China
7. BRICS
8. Hyundai share price India today
9. Anupam Kher
10. Godavari Biorefineries IPO

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved