Open m7mdharoun opened 6 years ago
I see alot of cloudfront net, so cname answer must be domains.smugmug.com to be vulnerable correct?
Yes that's right cname must be domains.smugmug.com
and there is another premium domains from smugmug the cname is your-custom.smugmug.net
and this you can't takeover it ! only the cname domains.smugmug.com
is possible to takeover if your account on smugmug expired.
Thank you.
Smugmug
Proof To Takeover
1) Create your custom subdomain on smugmug example : your-custom.smugmug.com 2) go to https://your-custom.smugmug.com/settings?nick=your-custom 3) Scroll down and add the vulnerable domain
Note :
The cname of vulnerable subdomain must be SmugMug's CNAME (domains.smugmug.com)