
Sub domain take over in gratipay.com

Gratipay
Reported by anshad

Vulnerability Details

Technical details and impact analysis

Violation of Secure Design Principles
# Summary

Sub domain take over in gratipay.com

# Description

I scanned gratipay.com using knockpy to find the sub domains. I found one subdomain, 'www.gratipay.com.herokudns.com', but this sub domain is not registered in Heroku. An attacker can buy this sub domain from Heroku.

# Browsers Verified In

* Firefox
* Chrome

# Steps To Reproduce

1. Use the 'knockpy gratipay.com' command in knockpy to find sub domains. You will get one domain like 'www.gratipay.com.herokudns.com'.
2. Test this domain in a browser. You will then get an error message from Heroku. Please refer to the attached screenshot for more clarity.
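A defender-side way to triage this class of report, added here as an example and not part of the original report or of Gratipay's code: reconcile the zone's CNAME records that point under `herokudns.com` against the custom domains the organisation has actually attached at the provider. The zone records, the `CLAIMED` inventory and all function names are constructed assumptions for illustration.

```python
# Added example: flag CNAME records that point at a hosting provider's DNS
# target but have no matching custom domain attached in the provider account.
# All records and the inventory below are constructed sample data.

PROVIDER_SUFFIX = "herokudns.com"  # DNS-target suffix seen in the report

# Constructed zone export: (record name, record type, record value)
ZONE = [
    ("www.example.org.", "CNAME", "www.example.org.herokudns.com."),
    ("blog.example.org.", "CNAME", "Blog.Example.Org.HerokuDNS.com"),
    ("docs.example.org.", "CNAME", "docs.example.net."),
    ("example.org.", "A", "192.0.2.10"),
]

# Constructed inventory: custom domains the organisation's own provider
# account lists as attached to its apps (assumed to be exported separately).
CLAIMED = {"www.example.org"}


def norm(host):
    """Lower-case a hostname and drop the trailing root dot."""
    return host.strip().rstrip(".").lower()


def under_suffix(host, suffix):
    """True only on a label boundary, so 'notherokudns.com' does not match."""
    host, suffix = norm(host), norm(suffix)
    return host == suffix or host.endswith("." + suffix)


def audit(zone, claimed, suffix=PROVIDER_SUFFIX):
    """Return (name, target, status) for every CNAME pointing at the provider."""
    claimed = {norm(c) for c in claimed}
    findings = []
    for name, rtype, value in zone:
        if rtype.upper() != "CNAME" or not under_suffix(value, suffix):
            continue
        status = "claimed" if norm(name) in claimed else "unclaimed"
        findings.append((norm(name), norm(value), status))
    return findings


def dangling(zone, claimed, suffix=PROVIDER_SUFFIX):
    """Names whose CNAME targets the provider but are not in the inventory."""
    return [n for n, _, s in audit(zone, claimed, suffix) if s == "unclaimed"]


if __name__ == "__main__":
    for name, target, status in audit(ZONE, CLAIMED):
        print(f"{name} -> {target}: {status}")
```

An "unclaimed" result is a candidate for review: either attach the domain in the provider account or remove the CNAME record.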

Report Details

Additional information and metadata

State

Closed

Substate

Informative

Submitted

Weakness

Violation of Secure Design Principles