If you didn't know that taking over subdomains was a thing then check this research from vulnerability.com - they showed a PoC that more than 670 Microsoft subdomians were susceptible to take over.
How can an attacker exploit this vulnerability?
- Actually, attacker can exploit this vulnerability as “Stored XSS”.
- Also attacker can clone the main website’s template and steal users credentials like passwords, credit card informations or phone numbers etc.
- Attacker can bypass CSP, CORS and referrer-check based protections and exploit some vulnerabilities like XSS, CSRF, Clickjacking and steal users cookies or takeover user accounts.
- Attacker can manipulate the corporational and critical endpoints like payment APIs.
- Attacker can force visitors to download malware.
- Attacker can hack users devices remotely and spy them if this subdomain is using for autoupdates.
- Attacker can make illegal requests by visitors browser.