Closed Bug 1398960 Opened 7 years ago Closed 7 years ago

Subdomain Takover of devs.mozillaindia.org

Categories

(Websites :: Mozilla Community Sites, enhancement)

Product:
Websites
Component:
Mozilla Community Sites
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: aditya, Assigned: tanner)

References

(
URL
)

Details

(Keywords: sec-moderate, wsec-other, Whiteboard: [reporter-external] [web-bounty-form])

Attachments

(2 files)

Before Takeover of devs.mozillaindia.org
18.48 KB, image/png
Details
After Takeover devs.mozillaindia.org
4.39 KB, image/png
Details 
Hi there,

I have found that devs.mozillaindia.org was vulnerable to subdomain takeover, so i have taken over that subdomain to prevent any malicious person to takeover.

Let me explain in detail.

1. devs.mozillaindia.org was pointing Github pages but devs.mozillaindia.org was not claimed on Github pages, that is why it was possible for anyone to takeover this subdomain.
2. I have created a private reporsitory https://github.com/exploitprotocol/devs.mozillaindia.org( if you want i can send an invite to view the content), and then claimed the subdomain.

To prove subdomain takeover you can find a file http://devs.mozillaindia.org/subdomaintakeover.html with text "Subdomain Takeover of devs.mozillaindia.org". 

Thanks
Flags: sec-bounty?

    
    

    
  
Thanks Aditya!

Confirmed. This is listed as a community site: https://wiki.mozilla.org/Websites/Directory#M
Status: UNCONFIRMED → NEW
Component: Other → Mozilla Community Sites
Ever confirmed: true
Whiteboard: [reporter-external] [web-bounty-form] [verif?] → [reporter-external] [web-bounty-form]

    
    

    
  
Assigning sec-high for subdomain takeover. 

Community sites are excluded from the bug bounty: https://www.mozilla.org/en-US/security/web-bug-bounty/

:yalam96 can you handle this or route it to the right people?
Assignee: nobody → yousef
Flags: needinfo?(yousef)
Keywords: sec-high, 
          
            wsec-other

    
    

    
  
Tanner will take this one on
Assignee: yousef → tanner.sumo.bugs
Flags: needinfo?(yousef)

    
    

    
  
(keeping NI on myself so I remember to follow up)
Flags: needinfo?(yousef)

    
  
Status: NEW → ASSIGNED

    
    

    
  
Dropping to sec-moderate since I was told community sites don't offer an org wide threat.

Thanks :yalam96 and :tanner, looks like this is fixed, since I'm not seeing the CNAME to mozillaindia.github.io anymore.
Keywords: sec-highsec-moderate

    
    

    
  
I've changed the DNS of the site to point to MDN. If they want to use GH Pages they'll have to get in contact with me or yousef to make appropriate changes.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED

    
    

    
  
Great, thanks :tanner!
Group: websites-security
Flags: needinfo?(yousef)
Flags: sec-bounty? → sec-bounty-

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: