Subdomain Takeover Pointing To SurveySparrow
Haqtify recently found a Subdomain takeover vulnerability pointing to Surveysparrow. Subdomain takeover vulnerabilities take place when a subdomain (subdomain.example.com) is pointing to a 3rd party service (e.g. Shopify, Surveysparrow, GitHub pages, Heroku, etc.) that has been removed or expired.
Possible To Takeover Hint:
insights.privatesite.com will redirect to surveysparrow.com (marketing page)
Steps To Reproduce:
- Create an account on Surveysparrow.
- Add vulnerable subdomain ( insights.privatesite.com ) on Surveysparrow general area (check screenshot below).
- DNS Verified. Subdomain Takeover and Private Company Surveysparrow Account Takeover successfully :
- Remove the affected DNS record.
- Claim the subdomain.
Previous Articles :
- Subdomain Takeover Pointing to Shopify
- Subdomain Takeover Pointing to branch io
- Subdomain Takeover Pointing to Heroku