https://community.isc2.org/t5/Tech-Talk/Subdomain-takeover/m-p/33453#M2436 <P>If you didn't know that taking over subdomains was a thing then check this research from <A href="https://vullnerability.com/blog/microsoft-subdomain-account-takeover" target="_blank" rel="noopener">vulnerability.com</A> - they showed a PoC that more than 670 Microsoft subdomians were susceptible to take over.&nbsp;</P><P>&nbsp;</P><P><SPAN>How can an attacker exploit this vulnerability?</SPAN></P><P>&nbsp;</P><UL><LI>Actually, attacker can exploit this vulnerability as “Stored XSS”.</LI><LI>Also attacker can clone the main website’s template and steal users credentials like passwords, credit card informations or phone numbers etc.</LI><LI>Attacker can bypass CSP, CORS and referrer-check based protections and exploit some vulnerabilities like XSS, CSRF, Clickjacking and steal users cookies or takeover user accounts.</LI><LI>Attacker can deface the websites which is embedding sources from vulnerable subdomains. Or run JavaScript commands remotely.</LI><LI>Attacker can manipulate the corporational and critical endpoints like payment APIs.</LI><LI>Attacker can force visitors to download malware.</LI><LI>Attacker can hack users devices remotely and spy them if this subdomain is using for autoupdates.</LI><LI>Attacker can make illegal requests by visitors browser.</LI></UL> Sun, 08 Mar 2020 02:03:41 GMT AppDefects 2020-03-08T02:03:41Z https://community.isc2.org/t5/Tech-Talk/Subdomain-takeover/m-p/33453#M2436 <P>If you didn't know that taking over subdomains was a thing then check this research from <A href="https://vullnerability.com/blog/microsoft-subdomain-account-takeover" target="_blank" rel="noopener">vulnerability.com</A> - they showed a PoC that more than 670 Microsoft subdomians were susceptible to take over.&nbsp;</P><P>&nbsp;</P><P><SPAN>How can an attacker exploit this vulnerability?</SPAN></P><P>&nbsp;</P><UL><LI>Actually, attacker can exploit this vulnerability as “Stored XSS”.</LI><LI>Also attacker can clone the main website’s template and steal users credentials like passwords, credit card informations or phone numbers etc.</LI><LI>Attacker can bypass CSP, CORS and referrer-check based protections and exploit some vulnerabilities like XSS, CSRF, Clickjacking and steal users cookies or takeover user accounts.</LI><LI>Attacker can deface the websites which is embedding sources from vulnerable subdomains. Or run JavaScript commands remotely.</LI><LI>Attacker can manipulate the corporational and critical endpoints like payment APIs.</LI><LI>Attacker can force visitors to download malware.</LI><LI>Attacker can hack users devices remotely and spy them if this subdomain is using for autoupdates.</LI><LI>Attacker can make illegal requests by visitors browser.</LI></UL> Sun, 08 Mar 2020 02:03:41 GMT https://community.isc2.org/t5/Tech-Talk/Subdomain-takeover/m-p/33453#M2436 AppDefects 2020-03-08T02:03:41Z