Subdomain Takeover | Private Program | 2025-05-01
Subdomain Takeover via Dangling CNAME
Severity: High | Status: Resolved
Summary
The subdomain beta.target.com had a CNAME record pointing to an unclaimed Azure Blob Storage account, allowing takeover of the subdomain.
Proof of Concept
dig beta.target.com CNAME
# Returns: targetbeta.blob.core.windows.net, which itself does not resolve (NXDOMAIN)
# Claim the storage account and host malicious content
Impact
An attacker controlling the subdomain could run phishing attacks and steal cookies via same-origin policy abuse.
Responsible Disclosure
This vulnerability was reported responsibly and fixed by the vendor before public disclosure.
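Detection
The dangling-CNAME condition from the Proof of Concept, as a check a zone owner can run against their own hostnames. This is an added example, not part of the original report; the function names and verdict strings are assumptions, and only the `.blob.core.windows.net` suffix is covered.

```shell
#!/bin/sh
# Audit hostnames for CNAMEs that point at an Azure Blob Storage name
# which no longer exists. Usage: sh audit.sh beta.target.com ...

# Read `dig +noall +comments` output on stdin, print the response status
# (NOERROR, NXDOMAIN, SERVFAIL, ...).
rcode_of() {
    sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# classify HOST CNAME_TARGET TARGET_RCODE
# Prints one verdict line; returns 1 only for a dangling record.
classify() {
    host=$1
    # DNS names are case-insensitive and dig prints a trailing dot.
    target=$(printf '%s' "${2%.}" | tr 'A-Z' 'a-z')
    rcode=$3
    if [ -z "$target" ]; then
        echo "OK $host no-cname"; return 0
    fi
    case $target in
        *.blob.core.windows.net) ;;
        *) echo "OK $host not-azure-blob $target"; return 0 ;;
    esac
    if [ "$rcode" = "NXDOMAIN" ]; then
        echo "DANGLING $host $target"; return 1
    fi
    echo "OK $host claimed $target"
}

# Live check for one hostname (needs dig and network access).
audit_host() {
    cname=$(dig +short "$1" CNAME | head -n 1)
    status=$(dig +noall +comments "${cname:-$1}" A | rcode_of)
    classify "$1" "$cname" "$status"
}

for h in "$@"; do audit_host "$h"; done
```

A DANGLING verdict means the CNAME record should be removed, or the storage account name re-claimed by the zone owner, before anyone else registers it.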