Emurgo / yoroi-frontend

Yoroi Wallet - Cardano ADA Wallet - Your gateway to the financial world (extension frontend)
https://yoroi-wallet.com/
MIT License
340 stars, 102 forks

Vulnerability Report - Subdomain Takeover @ Emurgo #3105

Closed Mantisseclabs closed 1 year ago

Mantisseclabs commented 1 year ago

Host: https://emurgo.io/

Issue: Subdomain Takeover

Affected Domain: http://testnet.seiza-website.emurgo.io/

POC:

https://drive.google.com/file/d/1ibwAtqGWq7Pe3_cpH50D0emI9pgro6ym/view?usp=share_link

crypto-titan commented 1 year ago

We cannot replicate this on our side, can you tell us how you did it?

crypto-titan commented 1 year ago

Can you do this with another domain, like testnet2.seiza-website.emurgo.io?

crypto-titan commented 1 year ago

Did you point your local hosts file at Heroku to make it look like you hacked one of our unused subdomains? :D

vsubhuman commented 1 year ago

The report is kinda meaningless, this subdomain was disabled a long time ago and is completely removed now. Still, thank you @phoenix20-git, this was a reminder for us to remove it from the codebase, so this change will be included in the nearest release.
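A defender-side inventory check for the kind of stale record discussed in this thread, added here as an example and not code from the yoroi-frontend project: it walks a zone's CNAME records, flags those pointing at takeover-prone hosting such as Heroku whose target no longer resolves or whose provider page reports the app as unclaimed, and takes the resolver as a parameter so the audit can be run against a public or authoritative resolver rather than the local stub resolver and hosts file (the false positive the maintainers asked about). The sample zone, the resolver and probe stubs, and the Heroku "no such app" fingerprint text are constructed or assumed; verify fingerprints for your own providers.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Providers where an unclaimed CNAME target can be registered by a third party, with
# the text each serves for an unclaimed name (assumed; providers change this over time).
PROVIDER_FINGERPRINTS: Dict[str, str] = {
    "herokuapp.com": "no such app",
}

@dataclass(frozen=True)
class Finding:
    subdomain: str
    target: str
    reason: str

# Resolver and HTTP probe are injected: run them against an authoritative or public
# resolver, never the local stub that honours /etc/hosts. probe() returns the body or None.
Resolver = Callable[[str], Optional[List[str]]]
Prober = Callable[[str], Optional[str]]

def audit_dangling_cnames(cnames: Dict[str, str], resolve: Resolver, probe: Prober) -> List[Finding]:
    """cnames maps each subdomain in the zone to its CNAME target; returns stale records."""
    findings: List[Finding] = []
    for subdomain, target in sorted(cnames.items()):
        provider = next((p for p in PROVIDER_FINGERPRINTS if target.endswith("." + p)), None)
        if provider is None:
            continue  # not hosted on a listed provider; out of scope for this check
        if resolve(target) is None:
            findings.append(Finding(subdomain, target, "CNAME target does not resolve"))
            continue
        body = probe(target)
        if body is not None and PROVIDER_FINGERPRINTS[provider] in body.lower():
            findings.append(Finding(subdomain, target, f"{provider} reports unclaimed app"))
    return findings

# Constructed sample zone: one live app, one stale record left behind after its app
# was deleted, and one record on a host that is not a listed provider.
SAMPLE_CNAMES = {
    "www.example.test": "live-app.herokuapp.com",
    "testnet.stale.example.test": "old-testnet-site.herokuapp.com",
    "docs.example.test": "docs.example-cdn.test",
}

def sample_resolve(host: str) -> Optional[List[str]]:
    # Heroku resolves unclaimed app names too, so DNS alone cannot tell them apart.
    return ["203.0.113.10"] if host.endswith(".herokuapp.com") else ["203.0.113.20"]

def sample_probe(host: str) -> Optional[str]:
    return "<h1>Hello</h1>" if host == "live-app.herokuapp.com" else "No such app"
```

Running `audit_dangling_cnames(SAMPLE_CNAMES, sample_resolve, sample_probe)` reports only the stale testnet record; wiring in a real resolver and HTTP client turns it into a periodic zone audit.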