I hope you are having a great time. I would like to share an issue which I discovered in less than 10 minutes and for which I was rewarded a $XXXX bounty within 24 hours of the submission.
The story begins when I visited one of the in-scope subdomains and received a certificate error. I removed SSL from the protocol and used HTTP only, and the site opened without any certificate error.
The site was giving a 404 error on the index page, with Pantheon stating “Unknown Site”. I felt it might be vulnerable to a subdomain takeover.
Without wasting any time, I signed up for Pantheon, added payment details, created a sandbox domain, installed WordPress and added a simple title on the homepage: “Subdomain Takeover”. The sandbox domain provided by Pantheon looked like http://dev-subdomaintakeover[.]patheonsite.io/
Then I added the vulnerable domain to my Pantheon account, or in other words routed the sandbox domain to the vulnerable subdomain,
and within a few seconds the site was updated with my sandbox domain content.
The same method was used to hack the website belonging to the current president of the United States of America, Donald J. Trump.
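For the owner of a zone, the condition described above (a DNS record still pointing at Pantheon while the platform answers 404 “Unknown Site”) can be audited before anyone else notices it. The following is an added example, not code from the original post; the `.pantheonsite.io` suffix, the `example.com` hostnames and the recorded responses are assumptions and constructed sample data.

```python
# Added example (not from the original post): audit a zone export for
# records left pointing at Pantheon. All sample data is constructed.
from dataclasses import dataclass

# Assumption: hostname suffix of Pantheon platform domains.
PANTHEON_SUFFIXES = (".pantheonsite.io",)
# Text the post reports on the platform's 404 page for an unclaimed hostname.
FINGERPRINT = "unknown site"

@dataclass
class Observation:
    """HTTP status and body recorded when the owner fetched the hostname."""
    status: int
    body: str

def parse_zone(text):
    """Return {name: target} for 'name TTL IN CNAME target' lines."""
    records = {}
    for line in text.splitlines():
        parts = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(parts) >= 5 and [p.upper() for p in parts[2:4]] == ["IN", "CNAME"]:
            records[parts[0].rstrip(".").lower()] = parts[4].rstrip(".").lower()
    return records

def classify(target, obs):
    if not target.endswith(PANTHEON_SUFFIXES):
        return "not-pantheon"
    if obs is None:
        return "unverified"      # record exists but nobody has checked the site
    if obs.status == 404 and FINGERPRINT in obs.body.lower():
        return "dangling"        # DNS points at the platform, no site claims it
    return "claimed"

def audit(zone_text, observations):
    return {name: classify(target, observations.get(name))
            for name, target in parse_zone(zone_text).items()}

ZONE = """\
www.example.com.   300 IN CNAME live-corp.pantheonsite.io.
blog.example.com.  300 IN CNAME live-oldblog.pantheonsite.io. ; campaign ended
shop.example.com.  300 IN CNAME shops.example.net.
docs.example.com.  300 IN CNAME live-docs.pantheonsite.io.
"""
OBSERVED = {
    "www.example.com": Observation(200, "<title>Corp</title>"),
    "blog.example.com": Observation(404, "<h1>404 - Unknown Site</h1>"),
}

if __name__ == "__main__":
    for name, verdict in audit(ZONE, OBSERVED).items():
        print(f"{name:20} {verdict}")
```

A `dangling` verdict means the DNS record should be deleted, or the hostname re-attached to a site the organisation controls on the platform.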
References:
https://github.com/EdOverflow/can-i-take-over-xyz/issues/24
https://medium.com/@hussain_0x3c/hostile-subdomain-takeover-using-pantheon-ebf4ab813111
https://thehackernews.com/2017/02/donald-trump-website-hacked.html
Hi, please help.
While enumerating subdomains of one public program, let's say redacted.com,
I found a dead subdomain and the similar web page of pantheon.io. While visiting, I signed up and went on to create a site box, but when I enter the subdomain it gives me an error like this – The site name can only contain a-z, A-Z, 0-9, and dashes (‘-‘), cannot begin or end with a dash.
P.S. I just created a normal account and not the agency one. I can't add a custom domain. What should I do? Please reply.
Replied you on twitter. 🙂
Hi,
I created a normal account on pantheon and now I am not able to add a custom domain. For this feature, the website is asking me to buy a plan.
Is there anything I can do?
Thank you.
Hi Cyberdude,
You need a Pantheon subscription to add the domain to your site.
-Thank you
Hi Smaran. Needed your help.
Just found the same subdomain takeover on one of the web. But I sent a theoretical report. They closed it as Not Applicable and asked me to provide a practical exploit.
I did as you mentioned here, but the major drawback for me is that I don't have a credit card. Can you please help me if you have any test account, or can you exploit it for me?
I know it sounds absurd, but I will definitely pay you some part of the bounty. Hope to hear back from you.
Hi Phantom,
I would love to help you, but I don’t have any active Pantheon subscription currently. Let me see if there is anything I can do.
Regards,
Smaran