Subdomain takeover in GitLab Pages [george.ratelimited.me]
High
RATELIMITED
Reported by
fdeleite
Vulnerability Details
Technical details and impact analysis
It is possible to take over subdomains whose DNS records point to GitLab Pages: when a custom domain is added to a GitLab Pages project, no verification of domain ownership is required, so anyone can claim a domain that is delegated to GitLab Pages but not attached to a project.
## POC Steps
1. Go to http://george.ratelimited.me/ (tested in Firefox)
(attachment F3307364)
## Impact
Attackers could perform several attacks, such as:
- Cookie stealing
- Phishing campaigns
- Bypassing Content Security Policy and CORS restrictions
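The defensive counterpart to the issue above is an inventory check for dangling delegations: CNAME records in your own zone that point at GitLab Pages while GitLab serves nothing for that hostname. The following is an added example written for this report, not code from the original submission or from GitLab. It assumes that GitLab Pages targets end in `gitlab.io`, that an unclaimed custom domain answers with HTTP 404, and that the zone data is available in zone-file syntax; the sample zone is constructed for the example and the `probe` parameter exists so the check can be exercised without network access.

```python
"""Find CNAME records that point to GitLab Pages but are not claimed by any project.

Added example (not part of the original report). Assumptions:
  - GitLab Pages hostnames end in ``gitlab.io`` (GITLAB_PAGES_SUFFIXES).
  - An unclaimed custom domain is answered with HTTP 404 by GitLab Pages.
  - Zone data is supplied in zone-file syntax (name [TTL] [IN] CNAME target).
"""
import re
import urllib.error
import urllib.request

GITLAB_PAGES_SUFFIXES = ("gitlab.io",)  # assumption: where GitLab Pages sites are served

# name, optional TTL, optional class, literal CNAME, target; comments are stripped first
CNAME_RE = re.compile(
    r"^(?P<name>\S+)\s+(?:\d+\s+)?(?:IN\s+)?CNAME\s+(?P<target>\S+)\s*$",
    re.IGNORECASE,
)

# Constructed sample zone for this example (not real DNS data).
SAMPLE_ZONE = """; constructed sample zone
george.example.com.  300 IN CNAME example-namespace.gitlab.io.
www.example.com.         IN CNAME example.github.io.
docs.example.com.    300 IN CNAME example-namespace.gitlab.io.
blog.example.com.    300 IN CNAME other-namespace.gitlab.io.
mail.example.com.    300 IN A     192.0.2.10
"""


def parse_cnames(zone_text):
    """Return (name, target) pairs, lower-cased and without trailing dots."""
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        m = CNAME_RE.match(line)
        if m:
            name = m.group("name").rstrip(".").lower()
            target = m.group("target").rstrip(".").lower()
            records.append((name, target))
    return records


def points_to_gitlab_pages(target):
    """True when the CNAME target is a GitLab Pages hostname (by suffix)."""
    return any(target == s or target.endswith("." + s) for s in GITLAB_PAGES_SUFFIXES)


def probe_claimed(hostname, timeout=5):
    """Ask GitLab Pages whether it serves `hostname`.

    Returns True if a page is served, False on HTTP 404 (assumed to mean the
    domain is not attached to any project), None if the host was unreachable.
    """
    req = urllib.request.Request("http://%s/" % hostname, headers={"Host": hostname})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status < 400
    except urllib.error.HTTPError as err:
        return err.code != 404
    except urllib.error.URLError:
        return None


def find_dangling(zone_text, probe=probe_claimed):
    """Scan a zone for GitLab Pages delegations and classify each one.

    Each finding is a dict with host, target and a status of
    "dangling" (unclaimed, i.e. takeover candidate) or "undetermined".
    Claimed hostnames are not reported.
    """
    findings = []
    for name, target in parse_cnames(zone_text):
        if not points_to_gitlab_pages(target):
            continue  # other providers need their own fingerprint
        claimed = probe(name)
        if claimed is False:
            findings.append({"host": name, "target": target, "status": "dangling"})
        elif claimed is None:
            findings.append({"host": name, "target": target, "status": "undetermined"})
    return findings


if __name__ == "__main__":
    # Stand-alone run probes the (constructed) sample hosts over the network;
    # replace SAMPLE_ZONE with an export of your own zone for a real check.
    for f in find_dangling(SAMPLE_ZONE):
        print("%-22s -> %-32s %s" % (f["host"], f["target"], f["status"]))
```

Any host reported as `dangling` should either have its CNAME removed or be attached to a project you control; `undetermined` hosts need a manual look rather than being silently dropped.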
Report Details
Additional information and metadata
State
Closed
Substate
Resolved