Subdomain Takeover Pointing To Wpmudev

URL:

https://crm.privatesite.com

Description:

Haqtify recently found a Subdomain takeover vulnerability pointing to Wpmudev . Subdomain takeover vulnerabilities take place when a subdomain (subdomain.example.com) is pointing to a 3rd party service (e.g. Shopify, Wpmudev, GitHub pages, Heroku, etc.) that has been removed or expired.

Steps To Reproduce:

1.Create a trial account on Wpmudev.

Register

2.After creating account , goto Domain section.

3.Add vulnerable domain in it.

 

4.Domain Takeover successfully.

Mitigation:

  • Remove the affected DNS record.
  • Claim the subdomain.

Previous Articles :