Subdomain Takeover Pointing To SurveySparrow

  • Reported to Private
  • Reported by Haqtify
  • Medium (5.8)
  • Published 3 years ago
  • No Likes



Haqtify recently found a Subdomain takeover vulnerability pointing to Surveysparrow. Subdomain takeover vulnerabilities take place when a subdomain ( is pointing to a 3rd party service (e.g. Shopify, Surveysparrow, GitHub pages, Heroku, etc.) that has been removed or expired.

Possible To Takeover Hint: will redirect to (marketing page)

Steps To Reproduce:

  1. Create an account on Surveysparrow.
  2. Add vulnerable subdomain ( ) on Surveysparrow general area (check screenshot below).
  3.  DNS Verified. Subdomain Takeover and Private Company Surveysparrow Account Takeover successfully :


  • Remove the affected DNS record.
  • Claim the subdomain.

Previous Articles :