Subdomain Takeover via smugmug

EdOverflow / can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Creative Commons Attribution 4.0 International

4.86k stars 717 forks source link

Subdomain Takeover via smugmug #60

Open m7mdharoun opened 6 years ago

m7mdharoun commented 6 years ago

Smugmug

Proof To Takeover

1) Create your custom subdomain on smugmug example : your-custom.smugmug.com 2) go to https://your-custom.smugmug.com/settings?nick=your-custom 3) Scroll down and add the vulnerable domain

Note : The cname of vulnerable subdomain must be SmugMug's CNAME (domains.smugmug.com)

bluedangerforyou commented 6 years ago

I see alot of cloudfront net, so cname answer must be domains.smugmug.com to be vulnerable correct?

m7mdharoun commented 6 years ago

Yes that's right cname must be domains.smugmug.com and there is another premium domains from smugmug the cname is your-custom.smugmug.net and this you can't takeover it ! only the cname domains.smugmug.com is possible to takeover if your account on smugmug expired.

bluedangerforyou commented 6 years ago

Thank you.