Closed alimp5 closed 4 years ago
When 3rd party application disconnected from SendingBLue.com; but web application has TXT record for pointing to SendingBlue service:
Nothing found for the requested URL!!
Please follow sendinblue.com to explore our platform.
© 2017 Sendinblue
note: i couldn't to find a way to generate a Hash-ID like in 3rd party web application's TXT record or bypass this protection mechanism.
At first glance, assuming there are no known bypasses (which would constitute a vulnerability in the service and should be reported to the vendor), this service does not appear vulnerable to subdomain takeovers. Validating ownership via a TXT record is a good way to prevent subdomain takeovers.
SendinBlue
This site (SendinBlue.com) works in Digital Marketing field (SMS Marketing, Email Marketing, etc...).
Proof
https://imgur.com/a/jk3Jxey
Documentation
SendinBlue.com has 3 verification methods:
Note: Is it possible to take over a domain or subdomain via bypassing techniques. I checked some techniques via Burp Suite; but didn't work and takeover failed.
Thanks in advance