🕵️ Equifax: Subdomain takeover at http://test.www.midigator.com
News section: 🕵️ Vulnerabilities
🔗 Source: vulners.com
Vulnerability

Subdomain test.www.midigator.com points to an AWS S3 bucket that no longer exists. I was able to take control of this bucket and serve my own content on it.

Proof Of Concept code

    $ dig test.www.midigator.com
    [snipped]
    ;; ANSWER SECTION:
    test.www.midigator.com. 60 IN CNAME test.www.midigator.com.s3-website-us-west-1.amazonaws.com.
    test.www.midigator.com.s3-website-us-west-1.amazonaws.com. 59 IN CNAME s3-website-us-west-1.amazonaws.com.
    s3-website-us-west-1.amazonaws.com. 4 IN A 52.219.193.3

{F1963195}

Remediation

Remove the CNAME entry for test.www.midigator.com.

Impact

Subdomain... ...
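A zone owner can catch this kind of record before the bucket name is claimed by someone else by checking every CNAME that targets an S3 website endpoint against the account's bucket inventory. The sketch below is an added example, not part of the original report; the function names and the `owned_buckets` inventory are assumptions, and the sample input is the ANSWER SECTION quoted in the report above.

```python
import re

# Constructed sample: the ANSWER SECTION lines quoted in the report.
SAMPLE_DIG = """\
test.www.midigator.com. 60 IN CNAME test.www.midigator.com.s3-website-us-west-1.amazonaws.com.
test.www.midigator.com.s3-website-us-west-1.amazonaws.com. 59 IN CNAME s3-website-us-west-1.amazonaws.com.
s3-website-us-west-1.amazonaws.com. 4 IN A 52.219.193.3
"""

# S3 website endpoints look like "<bucket>.s3-website-<region>.amazonaws.com"
# or "<bucket>.s3-website.<region>.amazonaws.com".
S3_WEBSITE = re.compile(
    r"^(?P<bucket>.+)\.s3-website[-.](?P<region>[a-z0-9-]+)\.amazonaws\.com$"
)


def parse_cnames(dig_answer):
    """Return (owner, target) pairs for every CNAME record in dig answer text."""
    pairs = []
    for line in dig_answer.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2] == "IN" and fields[3] == "CNAME":
            pairs.append((fields[0].rstrip(".").lower(),
                          fields[4].rstrip(".").lower()))
    return pairs


def audit_s3_cnames(dig_answer, zone, owned_buckets):
    """Flag records in `zone` whose CNAME targets an S3 website bucket
    that is absent from `owned_buckets` (hypothetical inventory, e.g.
    exported from the account's bucket listing)."""
    findings = []
    for owner, target in parse_cnames(dig_answer):
        if not (owner == zone or owner.endswith("." + zone)):
            continue  # skip the AWS-internal links of the CNAME chain
        match = S3_WEBSITE.match(target)
        if match and match.group("bucket") not in owned_buckets:
            findings.append({"record": owner,
                             "bucket": match.group("bucket"),
                             "region": match.group("region")})
    return findings


if __name__ == "__main__":
    for finding in audit_s3_cnames(SAMPLE_DIG, "midigator.com", set()):
        print("dangling CNAME candidate:", finding)
```

Any finding means the DNS record should be removed or the bucket re-created under the owner's account before the record is left in place.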