Subdomain Takeover at test.shipt.com

A researcher identified a stale DNS record that pointed to an abandoned test Heroku instance. This allowed for subdomain takeover. This was not an actively used subdomain and was not linked in any of our production applications. Nonetheless, Shipt Security immediately addressed the issue and awarded the researcher with an appropriate bounty.