Subdomain Takeover

Explanation
1.Domain name (sub.example.com) uses a CNAME record for another domain (sub.example.com CNAME anotherdomain.com). 
2.At some point, anotherdomain.com expires and is available for anyone's registration. 
3.Since the CNAME record is not removed from the DNS zone of example.com, anyone who records anotherdomain.com has full control over sub.example.com until the DNS record is present.
Resources
Subdomain Takeover: Proof Creation for Bug Bounties
Patrik Hudak
GitHub - EdOverflow/can-i-take-over-xyz: "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
GitHub

Last modified 1yr ago