Subdomain takeover at info.hacker.one

Program: hackerone
Bug Type: Subdomain takeover
Bounty: Unspecified
Date: 2017-02-02

Summary

The researcher discovered that the subdomain info.hacker.one had a CNAME entry pointing to unbouncepages.com, an external page hosting service. By exploiting a 0-day vulnerability in Unbounce's API, it was possible to claim any domain pointing to the service, bypassing their normal ownership restrictions. This allowed the attacker to fully control the subdomain and host arbitrary content, enabling phishing, credential theft, or other targeted attacks.

This summary was generated by AI.
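The takeover described above depended on a CNAME that handed info.hacker.one to an external hosting service, so a zone owner benefits from an inventory of every CNAME that leaves the zone. The following is an added example, not code from the report or from HackerOne: a small zone-file audit in Python. The zone contents, the `example.test` origin and the function names are assumptions made for illustration; only `unbouncepages.com` comes from the summary.

```python
# Added example (constructed zone data): list CNAMEs that point outside the zone.
ZONE = """\
$ORIGIN example.test.
$TTL 3600
@     IN SOA ns1 hostmaster 1 7200 900 1209600 300
www   IN CNAME web
web   IN A 192.0.2.10
info  300 IN CNAME unbouncepages.com.
docs  IN CNAME web.example.test.
shop  CNAME Stores.Vendor.Example.  ; constructed third-party target
"""
CLASSES = {"IN", "CH", "HS"}

def absolute(name, origin):
    """Expand a zone-file name to a lowercase FQDN without the trailing dot."""
    name = name.lower()
    if name == "@":
        return origin
    return name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"

def external_cnames(zone_text, watched_suffixes=()):
    """Return (owner, target, matched_service) for each CNAME leaving the zone."""
    origin, owner, findings = "", "@", []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, then tokenize
        if not fields:
            continue
        if fields[0].startswith("$"):  # $ORIGIN, $TTL, $INCLUDE ...
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1].lower().rstrip(".")
            continue
        if raw[0].isspace():
            rest = fields  # leading blank: record inherits the previous owner
        else:
            owner, rest = fields[0], fields[1:]
        types = [f.upper() for f in rest]
        if "CNAME" not in types:
            continue
        i = types.index("CNAME")
        # Only a TTL and a class may precede the type; the target must follow it.
        if i + 1 >= len(rest) or not all(t in CLASSES or t[0].isdigit() for t in types[:i]):
            continue
        target = absolute(rest[i + 1], origin)
        if ("." + target).endswith("." + origin):
            continue  # target stays inside the zone
        service = next((s for s in watched_suffixes if ("." + target).endswith("." + s)), None)
        findings.append((absolute(owner, origin), target, service))
    return findings
```

Each returned tuple is a name whose content is controlled by whoever holds the target at the third-party service, which makes the list a starting point for reviewing and pruning those delegations.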
