Hi there, I have found that devs.mozillaindia.org was vulnerable to subdomain takeover, so i have taken over that subdomain to prevent any malicious person to takeover. Let me explain in detail. 1. devs.mozillaindia.org was pointing Github pages but devs.mozillaindia.org was not claimed on Github pages, that is why it was possible for anyone to takeover this subdomain. 2. I have created a private reporsitory https://github.com/exploitprotocol/devs.mozillaindia.org( if you want i can send an invite to view the content), and then claimed the subdomain. To prove subdomain takeover you can find a file http://devs.mozillaindia.org/subdomaintakeover.html with text "Subdomain Takeover of devs.mozillaindia.org". Thanks
Thanks Aditya! Confirmed. This is listed as a community site: https://wiki.mozilla.org/Websites/Directory#M
Status: UNCONFIRMED → NEW
Component: Other → Mozilla Community Sites
Ever confirmed: true
Whiteboard: [reporter-external] [web-bounty-form] [verif?] → [reporter-external] [web-bounty-form]
Assigning sec-high for subdomain takeover. Community sites are excluded from the bug bounty: https://www.mozilla.org/en-US/security/web-bug-bounty/ :yalam96 can you handle this or route it to the right people?
Assignee: nobody → yousef
Keywords: sec-high, wsec-other
Tanner will take this one on
Assignee: yousef → tanner.sumo.bugs
(keeping NI on myself so I remember to follow up)
Dropping to sec-moderate since I was told community sites don't offer an org wide threat. Thanks :yalam96 and :tanner, looks like this is fixed, since I'm not seeing the CNAME to mozillaindia.github.io anymore.
Keywords: sec-high → sec-moderate
I've changed the DNS of the site to point to MDN. If they want to use GH Pages they'll have to get in contact with me or yousef to make appropriate changes.
Status: ASSIGNED → RESOLVED
Last Resolved: 5 months ago
Resolution: --- → FIXED
Great, thanks :tanner!
Flags: sec-bounty? → sec-bounty-
You need to log in before you can comment on or make changes to this bug.