InjectiveLabs / docs

Injective Protocol Documentation
Apache License 2.0

SUBDOMAIN TAKEOVER DUE TO DANGLING CNAME POINTING TO SHOPIFY. #171

Open amanesthetic opened 4 months ago

amanesthetic commented 4 months ago

Hey Team, I'm a Security Researcher & a bug hunter,

Subdomain Takeover - DNS Misconfiguration

Here is a bug I have found: one of your domains is vulnerable to subdomain takeover, which means anyone on the internet can take the domain and host malicious content there, or it can even be used to steal customers' credentials.

Vulnerable domain - shop.injective.com

The vulnerable domain has a CNAME pointing to a Shopify instance which was not taken yet.

For your reference, I have taken over the domain shop.injective.com. Kindly remove the CNAME pointing to Shopify.

I have attached an image for your reference


Also reported via mail to contact@injectivelabs.org. Kindly check on an emergent basis.

Best, Aman

amanesthetic commented 4 months ago

It's been fixed. Am I eligible for any kind of bounty reward?

Best, Aman
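
The fix requested in this issue, removing a CNAME that still points at Shopify after the store behind it is gone, can be caught earlier by auditing the zone against an inventory of what is actually connected. The following is an added example, not part of the original issue or the Injective docs; it assumes a BIND-style zone export, `myshopify.com` as the target suffix, and a hand-kept list of claimed domains, and every name and record in it is constructed.

```python
"""Audit a zone export for CNAMEs to third-party hosting that nobody has claimed."""

# Assumption: platform suffixes that will serve any custom domain a tenant connects.
THIRD_PARTY_SUFFIXES = ("myshopify.com",)

# Constructed zone export (BIND-style), not real records.
ZONE = """\
; constructed sample zone
shop.example.com.   3600 IN CNAME shops.myshopify.com.
store.example.com.  3600 IN CNAME shops.myshopify.com.
www.example.com.    3600 IN CNAME example.com.
blog.example.com.   3600 IN CNAME host.notmyshopify.com.
docs.example.com.   300  IN A     192.0.2.10
"""

# Constructed inventory: custom domains currently connected in the team's own store admin.
CLAIMED = {"store.example.com"}

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def parse_cnames(zone_text):
    """Return (owner, target) pairs for every CNAME line, ignoring comments."""
    records = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()
        types = [f.upper() for f in fields]
        if "CNAME" in types[1:-1]:
            i = types.index("CNAME", 1)
            records.append((norm(fields[0]), norm(fields[i + 1])))
    return records

def is_third_party(target):
    """True when target is a listed suffix or a label-aligned subdomain of one."""
    return any(target == s or target.endswith("." + s) for s in THIRD_PARTY_SUFFIXES)

def find_dangling(zone_text, claimed):
    """CNAMEs that delegate to a third party but have no claimed resource behind them."""
    claimed = {norm(c) for c in claimed}
    return [(o, t) for o, t in parse_cnames(zone_text)
            if is_third_party(t) and o not in claimed]

if __name__ == "__main__":
    for owner, target in find_dangling(ZONE, CLAIMED):
        print(f"remove or reclaim: {owner} -> {target}")
```

Run it whenever a SaaS resource is decommissioned, so the DNS record is removed in the same change as the resource.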