Getservice Subdomain Takeover via Branch.io

  • Reported to Getservice
  • Reported by Haqtify
  • Medium (6.2)
  • $500
  • Published 4 months ago
  • No Likes

URL :

http://referrals-test.getservice.com

Description :

I opened referrals-test.getservice.com on the browser it was redirecting on branch.io that mean anyone can claim it via branch.io. Company should remove the DNS or redirect all to the main domain far from open individually to claim an attacker to take over.

CNAME:

Type : CNAME

Domain Name : referrals-test.getservice.com

Canonical Name : custom.bnc.lt

Steps To Reproduce:

1 Goto branch.io

https://dashboard.branch.io

2.Then goto Configuration.

https://dashboard.branch.io/configuration/general

3.Goto Link Domain Section and add expired domain.

 

4.Domain Takeover Successfully . Now redirect User to any malicious domain via referrals-test.getservice.com , i can set evil.com for redirection.