cardano-foundation / developer-portal

The Cardano Developer Portal
https://developers.cardano.org
MIT License

Subdomain Takeover Vulnerability #1199

Closed Amanzv closed 9 months ago

Amanzv commented 9 months ago

Hey team,

I am a Security Researcher & I have found that one of your domains is vulnerable to GitHub subdomain takeover, which means any attacker could easily take over that website & host evil stuff to manipulate the end users and steal confidential details from them. It can be a really critical threat, as this vulnerable subdomain is facing a dangling CNAME. Kindly remove this site or just claim it so that no other attacker could claim it & use it.

For a proof of concept I have taken over the site temporarily & created a text on it. Kindly fix it by taking it over. Once you read this email, contact back and I will leave the domain so that you can take it.

The image is attached for your reference.

vulnerable domain - status2023.voting.summit.cardano.org

Steps to reproduce:

• Go to the new repository page
• Set the repository name to the canonical domain name (i.e., {something}.github.io from the CNAME record)
• Click "Create repository"
• Push content using git to the newly created repo. GitHub itself provides the steps to achieve it
• Switch to the Settings tab
• In the GitHub Pages section choose the master branch as source
• Click Save
• After saving, set Custom domain to the source domain name (i.e., the domain name which you want to take over)
• Click Save

Best, Aman
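A defender-side check for the condition this report describes (a CNAME left pointing at a GitHub Pages target nobody has claimed), added here as an example and not code from the thread or the project. The GitHub Pages 404 fingerprint string is an assumption, and the DNS and HTTP lookups are injected callables so the block runs offline on constructed records.

```python
# Added example: audit your own subdomains for CNAMEs left pointing at unclaimed
# GitHub Pages targets. DNS and HTTP access are injected callables so it runs
# offline on the constructed records below (swap in dnspython/requests for a live scan).

# Assumption: an unclaimed custom domain on GitHub Pages answers with a 404 page
# containing this phrase; confirm against a current response before relying on it.
GITHUB_PAGES_FINGERPRINT = "There isn't a GitHub Pages site here"
GITHUB_PAGES_SUFFIX = ".github.io"

def classify(subdomain, lookup_cname, fetch_body):
    """lookup_cname(name) -> target or None; fetch_body(name) -> HTML or None.
    Returns 'no-cname', 'not-github', 'unverified', 'dangling' or 'claimed'."""
    target = lookup_cname(subdomain)
    if target is None:
        return "no-cname"
    # DNS answers usually carry a trailing dot and arbitrary case.
    if not target.rstrip(".").lower().endswith(GITHUB_PAGES_SUFFIX):
        return "not-github"
    body = fetch_body(subdomain)
    if body is None:
        return "unverified"  # GitHub target but HTTP failed: review by hand
    return "dangling" if GITHUB_PAGES_FINGERPRINT in body else "claimed"

def audit(subdomains, lookup_cname, fetch_body):
    """Return {subdomain: status} for entries needing attention."""
    report = {}
    for name in subdomains:
        status = classify(name, lookup_cname, fetch_body)
        if status in ("dangling", "unverified"):
            report[name] = status
    return report

# Constructed sample records standing in for a real zone and real HTTP responses.
SAMPLE_CNAMES = {
    "docs.example.org": "Example-Org.github.io.",       # claimed, serves content
    "old.example.org": "retired-project.github.io.",    # repo deleted, CNAME left behind
    "www.example.org": "example.org.cdn.example.net.",  # not GitHub at all
    "beta.example.org": "beta-site.github.io.",         # GitHub target, HTTP unreachable
}
SAMPLE_BODIES = {
    "docs.example.org": "<html><body>Welcome to the docs</body></html>",
    "old.example.org": "<h1>404</h1><p>There isn't a GitHub Pages site here.</p>",
}

def sample_audit():
    names = sorted(SAMPLE_CNAMES) + ["api.example.org"]  # api has no CNAME record
    return audit(names, SAMPLE_CNAMES.get, SAMPLE_BODIES.get)
```

Run `sample_audit()` as a model for a real zone export: anything reported as dangling should have its CNAME deleted or the target reclaimed, and unverified entries need a manual look.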


rphair commented 9 months ago

Please make such reports by another channel: because GitHub does not allow deletion of comments, the only way to remove such a documented exploit from public visibility would be to ban you from the repository... which would be unfortunate because we trust you are making this report in good faith 😎

Amanzv commented 9 months ago

I'm sorry if it offended you; I just wanted to get it fixed ASAP. I tried searching for other ways to report it but didn't find any, as Cardano doesn't have an official bug bounty program.

Best, Aman


ptrdsh commented 9 months ago

Dear @Amanzv, Thank you for white hatting and reporting this vulnerability - much appreciated! Also, apologies for the delay in response. We are taking care of the stale domain, and any other we find on the way, asap. For future responsible disclosures, kindly reach out to the community team on X or the other channels in PNs to connect you to the right teams. Also, please reach out to me on X at @alxaex. Best, A

Amanzv commented 9 months ago

I followed you on X, I can't dm you, my username is @Amannoobda

Check it

Best, Aman


fabianbormann commented 9 months ago

@Amanzv thank you so much for reporting the issue. I will start looking into it NOW! Your white hacking is much appreciated! Feel free to join our Discord server https://discord.gg/BrznVs5J and send me a DM there: "abundzugamer"🙏

Amanzv commented 9 months ago

Thank you, I will do that.


rphair commented 9 months ago

@Amanzv I hope in the future you will consider sending details of any repeatable security exploits via some private channel... in this case, to the repository owner by the listed contact information on their web site (p.s. added: Discord link above)... rather than posting it to the public like this.

Amanzv commented 9 months ago

I will keep that in mind mate,

Best, Aman
