Hello,This is me!

Abdul Wahab

A Security Engineer Bug Bounty Hunter Synack Red Team Member

Thursday, 2 March 2017

Sub_Domain TakeOver iwantmyname


Aslam-O-Alaikum,

Brothers and their Sisters.Today i am Going to Disclose my recent Findings on Iwantmyname(BugCrowd).
According to This Issue I am Able to Fully Takeover a Sub_domain.

Tool Used:-
Knockpy ( A python Sub_Domain Finder)

PoC:-
  • I just Founded a Sub Domain That is Created With Domain iwantmyname.com
    This SubDomain Contains The Nameserver's and DNS Recored of WpEngine But It is not linked with any account of Wp_engine.
  • Replication Steps
    1.Go to Wpengine.com
    2.Buy a Membership
    3.Add domain
    http://an.iwantmyname.com/
    4.Done
    Sub_domain Is Now Of Attacker.

  • Reward : Kudos

    Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna Veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat.

    0 comments:

    Post a comment

    SEND ME A MESSAGE

    Search

    Hi There, I am

    Instagram

    About Me

    My photo
    Turning my passion into my professional life. Love to break road and dig deeper as much as possible. Believe in no system is secure. Acknowledged by Google,Facebook,Paypal,Twitter and 250+ tech giants.

    About Me

    Social media

    Flickr

    Popular Posts