Bug 1398960 - Subdomain Takeover of devs.mozillaindia.org
Status: RESOLVED FIXED (closed)
Opened 7 years ago; closed 7 years ago
Categories: Websites :: Mozilla Community Sites (enhancement)
Tracking: Not tracked
People: Reporter: aditya; Assigned: tanner
Keywords: sec-moderate, wsec-other
Whiteboard: [reporter-external] [web-bounty-form]
Attachments: 2 files

Description
Hi there, I have found that devs.mozillaindia.org was vulnerable to subdomain takeover, so I have taken over that subdomain to prevent any malicious person from taking it over. Let me explain in detail.

1. devs.mozillaindia.org was pointing to GitHub Pages, but devs.mozillaindia.org was not claimed on GitHub Pages; that is why it was possible for anyone to take over this subdomain.
2. I have created a private repository https://github.com/exploitprotocol/devs.mozillaindia.org (if you want I can send an invite to view the content), and then claimed the subdomain.

To prove the subdomain takeover you can find a file http://devs.mozillaindia.org/subdomaintakeover.html with the text "Subdomain Takeover of devs.mozillaindia.org". Thanks
Flags: sec-bounty?
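The condition the report describes (a CNAME delegating the host to GitHub Pages while no repository has claimed that custom domain) can be checked mechanically, and the same check is what a verifier later runs to confirm the CNAME is gone. The script below is an added example, not code from the bug or from Mozilla. It assumes the GitHub Pages "There isn't a GitHub Pages site here" 404 page as the fingerprint of an unclaimed domain (wording GitHub may change), the host names and responses in the snapshots are constructed (the post-fix MDN record is a placeholder, since the bug does not state the new target), and `docs.example.org` is hypothetical. DNS and HTTP are injected as callables so it runs offline; the two live helpers at the end need `dig` and network access.

```python
"""Dangling-CNAME check for GitHub Pages, modelled on the devs.mozillaindia.org report.

Added example, not from the bug or from Mozilla. DNS and HTTP lookups are
injected so the demo runs offline on constructed snapshots.
"""
import subprocess
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

GITHUB_PAGES_SUFFIX = ".github.io"
# Body fragment GitHub Pages serves (HTTP 404) for a custom domain no repository
# has claimed. Assumption: wording as seen in the wild; GitHub may change it.
UNCLAIMED_MARKER = "There isn't a GitHub Pages site here"

Resolver = Callable[[str], Optional[str]]   # host -> CNAME target, or None
Fetcher = Callable[[str], Tuple[int, str]]   # host -> (HTTP status, body)


@dataclass
class Finding:
    host: str
    cname: Optional[str]
    verdict: str   # "no-cname" | "not-github-pages" | "claimed" | "takeover-candidate"
    reason: str


def assess(host: str, resolve_cname: Resolver, fetch: Fetcher) -> Finding:
    """Classify one host: is its CNAME a dangling GitHub Pages delegation?"""
    cname = resolve_cname(host)
    if cname is None:
        return Finding(host, None, "no-cname", "no CNAME record, nothing delegated")
    target = cname.rstrip(".").lower()
    if not target.endswith(GITHUB_PAGES_SUFFIX):
        return Finding(host, target, "not-github-pages",
                       f"CNAME points at {target}; not covered by this check")
    # The CNAME alone is not proof: if the org's repo carries a CNAME file for
    # this host, GitHub serves it (200) and nobody else can claim it. Only an
    # unclaimed custom domain is exploitable.
    status, body = fetch(host)
    if status == 404 and UNCLAIMED_MARKER in body:
        return Finding(host, target, "takeover-candidate",
                       f"CNAME -> {target} but no GitHub Pages site for {host}")
    return Finding(host, target, "claimed",
                   f"GitHub Pages answered {status} for {host}; already claimed")


def audit(hosts: List[str], resolve_cname: Resolver, fetch: Fetcher) -> List[Finding]:
    return [assess(h, resolve_cname, fetch) for h in hosts]


# --- constructed snapshots (not real captures) ------------------------------
# "before": the state in the report (CNAME to mozillaindia.github.io, unclaimed)
BEFORE_DNS = {"devs.mozillaindia.org": "mozillaindia.github.io."}
BEFORE_HTTP = {"devs.mozillaindia.org": (
    404, "<title>Site not found</title> There isn't a GitHub Pages site here.")}
# "after": comment 8 moved the record off GitHub Pages; the MDN target is an
# assumed placeholder, the bug does not state the new record.
AFTER_DNS = {"devs.mozillaindia.org": "developer.mozilla.org."}
AFTER_HTTP = {"devs.mozillaindia.org": (200, "<html>mdn</html>")}
# hypothetical claimed GitHub Pages domain, for contrast
CLAIMED_DNS = {"docs.example.org": "example-org.github.io."}
CLAIMED_HTTP = {"docs.example.org": (200, "<html>project docs</html>")}


def demo() -> Dict[str, str]:
    """Verdict for each snapshot (dict.get doubles as the injected lookup)."""
    return {
        "before": assess("devs.mozillaindia.org", BEFORE_DNS.get, BEFORE_HTTP.get).verdict,
        "after": assess("devs.mozillaindia.org", AFTER_DNS.get, AFTER_HTTP.get).verdict,
        "claimed": assess("docs.example.org", CLAIMED_DNS.get, CLAIMED_HTTP.get).verdict,
    }


# --- live helpers (not used by demo; need `dig` and network) ---------------
def dig_cname(host: str) -> Optional[str]:
    """CNAME target via `dig +short CNAME`; None when no CNAME exists."""
    out = subprocess.run(["dig", "+short", "CNAME", host],
                         capture_output=True, text=True).stdout.split()
    return out[0] if out else None


def http_fetch(host: str, timeout: float = 10.0) -> Tuple[int, str]:
    """Plain HTTP GET of /; 4xx/5xx bodies are returned, not raised."""
    import urllib.error
    import urllib.request
    try:
        with urllib.request.urlopen(f"http://{host}/", timeout=timeout) as r:
            return r.getcode(), r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

For a real sweep, call `audit(hosts, dig_cname, http_fetch)` over the zone's subdomains; a `takeover-candidate` verdict is the state the reporter found, and `not-github-pages` or `claimed` is what the verifier in comment 7 saw after the record was changed. The HTTP step matters: a CNAME to `*.github.io` on its own is normal for a legitimately published site.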
Comment 1 • 7 years ago

Comment 2 • 7 years ago
Thanks Aditya! Confirmed. This is listed as a community site: https://wiki.mozilla.org/Websites/Directory#M
Status: UNCONFIRMED → NEW
Component: Other → Mozilla Community Sites
Ever confirmed: true
Whiteboard: [reporter-external] [web-bounty-form] [verif?] → [reporter-external] [web-bounty-form]
Assigning sec-high for subdomain takeover. Community sites are excluded from the bug bounty: https://www.mozilla.org/en-US/security/web-bug-bounty/ :yalam96 can you handle this or route it to the right people?
Comment 5 • 7 years ago
Tanner will take this one on
Assignee: yousef → tanner.sumo.bugs
Flags: needinfo?(yousef)
Updated • 7 years ago
Status: NEW → ASSIGNED
Dropping to sec-moderate since I was told community sites don't offer an org-wide threat. Thanks :yalam96 and :tanner, looks like this is fixed, since I'm not seeing the CNAME to mozillaindia.github.io anymore.
Keywords: sec-high → sec-moderate
Comment 8 • 7 years ago
I've changed the DNS of the site to point to MDN. If they want to use GH Pages they'll have to get in contact with me or yousef to make appropriate changes.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Updated • 7 years ago
Flags: needinfo?(yousef)
Updated • 7 years ago
Flags: sec-bounty? → sec-bounty-