
Hostile Subdomain Takeover

A hostile subdomain takeover can occur when a DNS subdomain is attached to a service like Heroku, GitHub, or Desk. The DNS subdomain points to a different subdomain, for example:

TYPE  | Domain Name   | Canonical Name
CNAME | x.example.com | thisisatest.herokussl.com

If x.example.com has no service attached to it, then you can register on Heroku and take over the canonical domain.

Services that are vulnerable include:

Heroku, GitHub, Bitbucket, Squarespace, Shopify, Desk, Teamwork, Unbounce, Helpjuice, HelpScout, Pingdom, Tictail, Campaign Monitor, CargoCollective, StatusPage.io and Tumblr.
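
A defender-side audit for the condition described above, as an added example that is not part of the original page: it reads an export of your own zone, picks out CNAME records that point at third-party services, and marks the ones whose target no longer resolves. The suffix list, the sample zone and all function names are assumptions made for illustration; only herokussl.com comes from the page.

```python
import socket

# Assumption: illustrative provider suffixes; only herokussl.com is from the page.
THIRD_PARTY_SUFFIXES = ("herokussl.com", "herokuapp.com", "github.io")

# Constructed sample zone export (BIND-style lines), not real records.
SAMPLE_ZONE = """\
x.example.com.     3600 IN CNAME thisisatest.herokussl.com.  ; old campaign site
www.example.com.   3600 IN CNAME example.github.io.
mail.example.com.  3600 IN A     192.0.2.10
shop.example.com.  3600 IN CNAME shops.internal.example.com.
"""

def parse_cnames(zone_text):
    """Yield (name, target) for every CNAME record in the zone text."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if "CNAME" in fields:
            idx = fields.index("CNAME")
            if idx >= 1 and idx + 1 < len(fields):
                yield (fields[0].rstrip(".").lower(),
                       fields[idx + 1].rstrip(".").lower())

def is_third_party(target):
    """True if the CNAME target sits under a listed provider suffix."""
    return any(target == s or target.endswith("." + s)
               for s in THIRD_PARTY_SUFFIXES)

def resolves(host):
    """Default check: does the target name resolve to any address?"""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def audit(zone_text, resolver=resolves):
    """Return (name, target, status) for CNAMEs delegated to third parties.

    'dangling' = target does not resolve; remove or re-point the record.
    'review'   = target resolves, but a provider may answer DNS for names
                 nobody has claimed, so confirm ownership in the provider account.
    """
    findings = []
    for name, target in parse_cnames(zone_text):
        if is_third_party(target):
            status = "review" if resolver(target) else "dangling"
            findings.append((name, target, status))
    return findings
```

Pass a custom `resolver` to run the audit offline or against a specific nameserver; records marked `review` still need a manual check that the service behind the canonical name belongs to you.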