MoinQ: Subdomain_takeover/bounty

• RecentChanges
• FindPage
• HelpContents
• Subdomain_takeover/bounty

• Immutable Page
• Comments
• Info
• Attachments
• More Actions: Raw Text Print View Render as Docbook Delete Cache ------------------------ Check Spelling Like Pages Local Site Map ------------------------ Rename Page Delete Page ------------------------ Subscribe User ------------------------ Remove Spam Revert to this revision Package Pages Sync Pages ------------------------ CreateNewPage Load PageActions Save SlideShow Thumbnails

CONFIRMING THE VULNERABILITY

I went to Fastly official website and performed below steps,
1. I created an account on fastly.com using a temporary mail.
2. Logged in to my Fastly Dashboard and clicked on the “Create a Delivery Service” button.
3. Entered target subdomain name(next.redacted.com) and clicked on Add button.

I was expecting the error message (“domain is already taken by another customer”) to appear but there was no error message. I was redirected to the next page “Hosts page”. I was surprised.

MoinQ: Subdomain_takeover/bounty (last edited 2023-03-21 13:42:22 by ToshinoriMaeno)

• Immutable Page
• Comments
• Info
• Attachments
• More Actions: Raw Text Print View Render as Docbook Delete Cache ------------------------ Check Spelling Like Pages Local Site Map ------------------------ Rename Page Delete Page ------------------------ Subscribe User ------------------------ Remove Spam Revert to this revision Package Pages Sync Pages ------------------------ CreateNewPage Load PageActions Save SlideShow Thumbnails

• MoinMoin Powered
• Python Powered
• GPL licensed
• Valid HTML 4.01