Subdomain Takeover Pointing To Surveysparrow

Subdomain Takeover Pointing To SurveySparrow

Reported to Private
Reported by Haqtify
Medium (5.8)
Published 3 years ago
No Likes

URL:

https://insights.privatesite.com

Description:

Haqtify recently found a Subdomain takeover vulnerability pointing to Surveysparrow. Subdomain takeover vulnerabilities take place when a subdomain (subdomain.example.com) is pointing to a 3rd party service (e.g. Shopify, Surveysparrow, GitHub pages, Heroku, etc.) that has been removed or expired.

Possible To Takeover Hint:

insights.privatesite.com will redirect to surveysparrow.com (marketing page)

Steps To Reproduce:

Create an account on Surveysparrow.
Add vulnerable subdomain ( insights.privatesite.com ) on Surveysparrow general area (check screenshot below).
DNS Verified. Subdomain Takeover and Private Company Surveysparrow Account Takeover successfully :

Mitigation:

Remove the affected DNS record.
Claim the subdomain.

Subdomain Takeover Pointing to Shopify
Subdomain Takeover Pointing to branch io
Subdomain Takeover Pointing to Heroku