Closed ajay1706 closed 1 year ago
Thx @ajay1706, we're investigating it.
Hey @coderfengyun The vulnerability has been fixed. Hope to receive an update on bounty soon.
@ajay1706 Thank you for your feedback. This security issue does not apply to this organization. The domain has been bound and verified in the Parami GitHub Page, for example with TXT verification records. The vulnerability only exists for CNAMEs that are not verified and held, such as when the domain has expired or can be held by others. The organization's websites are set up with SSL certificates and protected by a CDN, so there is no problem as you describe. However, I would like to thank you for reminding us that there are idle subdomains; following security policy, we should delete the DNS record as soon as possible.
Best regards
Title: Github Subdomain Takeover
Summary : Subdomain takeover vulnerabilities occur when a subdomain (subdomain.example.com) is pointing to a service (e.g. GitHub pages, Heroku, etc.) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that subdomain. For example, if subdomain.example.com was pointing to a GitHub page and the user decided to delete their GitHub page, an attacker can now create a GitHub page, add a CNAME file containing subdomain.example.com, and claim subdomain.example.com.
Steps to find a vulnerability:
Vulnerable URL: https://docs.parami.io
• It was easy to guess the CNAME of the Parami GitHub Pages, which is parami.github.io
• As the CNAME is also available and the subdomain is also empty, the subdomain is vulnerable to subdomain takeover.
• One should not publish the CNAME publicly
Impact: Risk, fake, website malicious code injection, users tricking company impersonation. This issue can have a really huge impact on the company's reputation: someone could post malicious content on the compromised site, and then your users will think it's official, but it's not.
If the subdomain is not used then you can remove this subdomain from your dns entry.
Reference
The HackerOne report below shows how critical any subdomain takeover is: https://hackerone.com/reports/325336
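A defender-side audit for the idle-record cleanup discussed in this thread, as an added example that is not part of the original issue or the project's code. It classifies every CNAME in a zone export that targets `*.github.io`. The zone data, the `served` set and the status labels are constructed; treating a `_github-pages-challenge-<owner>` TXT record on the host or its parent as "verified" is an assumption modelled on the maintainer's reply.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    name: str    # fully qualified owner name, no trailing dot
    rtype: str   # "CNAME" or "TXT"
    value: str

def has_pages_challenge(records, domain):
    """True if a TXT record named _github-pages-challenge-<owner>.<domain> exists."""
    for r in records:
        label, _, rest = r.name.partition(".")
        if r.rtype == "TXT" and rest == domain and label.startswith("_github-pages-challenge-"):
            return True
    return False

def audit(records, served):
    """Classify each CNAME that points at *.github.io.

    served: hostnames that currently have a Pages site configured
    (assumed to come from the repositories' custom-domain settings).
    """
    findings = {}
    for r in records:
        target = r.value.rstrip(".").lower()
        if r.rtype != "CNAME" or not target.endswith(".github.io"):
            continue
        parent = r.name.partition(".")[2]
        verified = (has_pages_challenge(records, r.name)
                    or has_pages_challenge(records, parent))
        if r.name in served:
            findings[r.name] = "in-use"
        elif verified:
            findings[r.name] = "idle-verified: delete DNS record"
        else:
            findings[r.name] = "dangling-unverified: delete DNS record first"
    return findings

# Constructed sample zone export (not real Parami data).
SAMPLE = [
    Record("docs.example.org", "CNAME", "example-org.github.io"),
    Record("blog.example.org", "CNAME", "example-org.github.io."),
    Record("_github-pages-challenge-example-org.example.org", "TXT", "constructed-token"),
    Record("old.example.net", "CNAME", "example-org.github.io"),
    Record("www.example.net", "CNAME", "cdn.example.net"),
]
SERVED = {"blog.example.org"}

if __name__ == "__main__":
    for host, status in audit(SAMPLE, SERVED).items():
        print(f"{host}: {status}")
```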