Title:
GitHub Subdomain Takeover
Summary :
Subdomain takeover vulnerabilities occur when a subdomain (subdomain.example.com) is pointing to a service (e.g. GitHub pages, Heroku, etc.) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that subdomain. For example, if subdomain.example.com was pointing to a GitHub page and the user decided to delete their GitHub page, an attacker can now create a GitHub page, add a CNAME file containing subdomain.example.com, and claim subdomain.example.com.
Steps to find a vulnerability :
Vulnerable URL: https://docs.parami.io
• It was easy to guess the CNAME of Parami's GitHub Pages site, which is parami.github.io.
• As the CNAME is also available and the subdomain is also empty, the subdomain is vulnerable to subdomain takeover.
• The CNAME should not be made public.
Impact:
Risks: fake website, malicious code injection, tricking users, company impersonation. This issue can have a really huge impact on the company's reputation: someone could post malicious content on the compromised site, and your users will think it's official when it's not.
If the subdomain is not used, you can remove it from your DNS entries.
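An added example, not part of the original report: a defensive audit that walks your own DNS records and flags CNAMEs pointing at *.github.io where the response is GitHub's "no site here" 404 page, so the record can be removed. The zone data, canned responses and helper names are constructed for illustration; the marker string is the text GitHub Pages shows for a hostname no site has claimed.

```python
# Added example: audit your own zone for dangling GitHub Pages CNAMEs.
from typing import Callable, Iterable, NamedTuple

# Text GitHub Pages serves on its 404 page when no site claims the hostname.
GITHUB_404_MARKER = "There isn't a GitHub Pages site here."

class Record(NamedTuple):
    name: str     # e.g. docs.example.com
    rtype: str    # DNS record type
    target: str   # record value

def is_github_pages_target(target: str) -> bool:
    """True when a CNAME target is a *.github.io hostname."""
    return target.rstrip(".").lower().endswith(".github.io")

def audit_zone(records: Iterable[Record],
               fetch: Callable[[str], tuple[int, str]]) -> list[str]:
    """Return names whose CNAME points at GitHub Pages but no site answers."""
    dangling = []
    for rec in records:
        if rec.rtype.upper() != "CNAME" or not is_github_pages_target(rec.target):
            continue
        status, body = fetch(rec.name)
        # Both signals are required: a 404 alone may be an ordinary missing page.
        if status == 404 and GITHUB_404_MARKER in body:
            dangling.append(rec.name)
    return dangling

# Constructed sample zone and canned responses (example.com is a placeholder).
SAMPLE_ZONE = [
    Record("docs.example.com", "CNAME", "example.github.io."),
    Record("blog.example.com", "CNAME", "example-blog.github.io."),
    Record("www.example.com", "A", "192.0.2.10"),
    Record("shop.example.com", "CNAME", "shops.example.net."),
]
CANNED = {
    "docs.example.com": (404, "<p>There isn't a GitHub Pages site here.</p>"),
    "blog.example.com": (200, "<html>blog</html>"),
}

def canned_fetch(host: str) -> tuple[int, str]:
    """Offline stand-in for an HTTP GET of https://<host>/ (assumption)."""
    return CANNED.get(host, (0, ""))

if __name__ == "__main__":
    for name in audit_zone(SAMPLE_ZONE, canned_fetch):
        print(f"dangling GitHub Pages CNAME: {name} -> remove the DNS record")
```

To run it against a real zone, pass a `fetch` callable that performs the HTTP request and returns the status code and body.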
Reference
The HackerOne report below shows how critical any subdomain takeover is:
https://hackerone.com/reports/325336