Matataki-io / matataki-frontend

Front End for Matataki
https://www.matataki.io
GNU Affero General Public License v3.0

Bug Report of meta.io #1339

Open amanesthetic opened 4 months ago

amanesthetic commented 4 months ago

Hey Team, I am a security researcher and bug bounty hunter. I have found one of your domains vulnerable to subdomain takeover due to an unclaimed CNAME pointing to GitHub, which means anyone on the internet could take over the domain and host malicious content or even a phishing campaign.

Kindly fix them by either removing the CNAME pointing to GitHub or letting me know; I will release the domain from here so you can take it meta

Vulnerable URL - https://ayakaneko.meta.io/

I have taken the domain and hosted a small PoC text for your reference.

I've attached the image here.

Best, Aman
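
A defender-side audit for the condition this report describes, added here as an example and not part of the original issue or the Matataki code base: it reads a zone export and flags every name whose CNAME chain ends at `*.github.io` but which none of the organisation's own GitHub Pages sites claims. The zone data, the `example.org` names, the claimed-domain set and all function names are constructed assumptions.

```python
"""Audit a DNS zone export for CNAMEs that reach GitHub Pages without a matching claim."""

# Constructed sample data (assumption): a zone export, plus the custom domains
# that the organisation's own GitHub Pages sites declare in their CNAME files.
ZONE_EXPORT = """\
; name                 ttl   class type  value
www.example.org.       300   IN    CNAME example-org.github.io.
docs.example.org.      300   IN    CNAME pages.example.org.
pages.example.org.     300   IN    CNAME example-org.github.io.
old-blog.example.org.  300   IN    CNAME former-employee.github.io.
api.example.org.       300   IN    A     192.0.2.10
"""
CLAIMED_PAGES_DOMAINS = {"www.example.org", "docs.example.org"}

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def parse_cnames(zone_text):
    """Return {owner: target} for every CNAME record in a zone-file style export."""
    cnames = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # strip zone-file comments
        if len(fields) >= 5 and fields[3].upper() == "CNAME":
            cnames[norm(fields[0])] = norm(fields[4])
    return cnames

def resolve_chain(name, cnames, max_hops=8):
    """Follow CNAMEs inside the zone; stop at a non-CNAME name, a loop, or max_hops."""
    seen = set()
    while name in cnames and name not in seen and len(seen) < max_hops:
        seen.add(name)
        name = cnames[name]
    return name

def dangling_github_cnames(zone_text, claimed):
    """Names whose chain ends at *.github.io but that no Pages site of ours claims."""
    cnames = parse_cnames(zone_text)
    claimed = {norm(c) for c in claimed}
    findings = []
    for owner in sorted(cnames):
        target = resolve_chain(owner, cnames)
        # Pages routes by hostname, so every alias in the chain needs its own claim.
        if target.endswith(".github.io") and owner not in claimed:
            findings.append((owner, target))
    return findings

if __name__ == "__main__":
    for owner, target in dangling_github_cnames(ZONE_EXPORT, CLAIMED_PAGES_DOMAINS):
        print(f"REVIEW: {owner} -> {target} (no Pages site claims this name)")
```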