Closed Bug 1722108 Opened 4 years ago Closed 3 years ago

Subdomain takeover of suspicious-bard.mozillahubstraining.org

Categories

(Websites :: Other, defect)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: leo.sta.ls, Unassigned)

Details

(Keywords: reporter-external, wsec-takeover, Whiteboard: [reporter-external] [web-bounty-form])

Hey!

suspicious-bard.mozillahubstraining.org was pointing to an unclaimed AWS IP that I've managed to get in my AWS account.

POC:
http://suspicious-bard.mozillahubstraining.org/dGFrZW92ZXIK.html

Best regards,
Leo

Flags: sec-bounty?

Thanks Leo.

curl http://suspicious-bard.mozillahubstraining.org/dGFrZW92ZXIK.html
Subdomain Takeover POC

bpeiris and jshaughnessy I'm assuming this is a hubs domain.

Type: task → defect
Keywords: wsec-takeover
See Also: → 1722109
Whiteboard: [reporter-external] [web-bounty-form] [verif?] → [reporter-external] [web-bounty-form]
Status: UNCONFIRMED → NEW
Ever confirmed: true
See Also: → 1722148
See Also: → 1723372

bpeiris and jshaughnessy: Looks like we're leaking mozillahubstraining.org subdomains. Is fixing this on your roadmap?

Flags: needinfo?(jshaughnessy)
Flags: needinfo?(bpeiris)

This is in the process of being fixed now.

Flags: needinfo?(jshaughnessy)
Flags: needinfo?(bpeiris)
See Also: → 1732386

Thank you for your report. Subdomain takeovers of domains like this are out of scope of the bug bounty program - please see here for more information.

This subdomain has been deleted

# host suspicious-bard.mozillahubstraining.org
Host suspicious-bard.mozillahubstraining.org not found: 3(NXDOMAIN)

Group: websites-security
Status: NEW → RESOLVED
Closed: 3 years ago
Flags: sec-bounty?
Flags: sec-bounty-hof-
Flags: sec-bounty-
Resolution: --- → FIXED
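
A defender-side audit for the condition reported in this bug (an A record still pointing at a cloud IP the organisation no longer holds), as an added example that is not part of the bug thread or of Mozilla's tooling. The zone records, owned-IP inventory and provider range are constructed sample data, and find_dangling is a hypothetical name.

```python
import ipaddress

# Constructed sample data (not from the bug). Documentation ranges stand in for
# the cloud provider's published address space and for the zone's records.
ZONE = [
    ("www.example.org", "A", "198.51.100.10"),
    ("old-demo.example.org", "A", "198.51.100.77"),   # instance was deleted, record was not
    ("docs.example.org", "CNAME", "docs.example.net."),
    ("office.example.org", "A", "192.0.2.5"),         # outside provider space
    ("bad.example.org", "A", "not-an-ip"),            # malformed export row
]
OWNED_IPS = {"198.51.100.10"}            # addresses currently allocated to our account
PROVIDER_RANGES = ["198.51.100.0/24"]    # assumption: loaded from the provider's range list


def find_dangling(zone, owned_ips, provider_ranges):
    """Return (name, value, reason) for address records that need review.

    A record is 'dangling' when it resolves into provider address space but the
    address is not in our own inventory: whoever is assigned that address next
    would serve content under our hostname.
    """
    nets = [ipaddress.ip_network(r) for r in provider_ranges]
    owned = {ipaddress.ip_address(i) for i in owned_ips}
    findings = []
    for name, rtype, value in zone:
        if rtype not in ("A", "AAAA"):
            continue  # CNAME targets need a separate check
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            findings.append((name, value, "unparseable"))
            continue
        if ip in owned:
            continue
        if any(ip in net for net in nets):
            findings.append((name, str(ip), "dangling"))
    return findings


if __name__ == "__main__":
    for name, value, reason in find_dangling(ZONE, OWNED_IPS, PROVIDER_RANGES):
        print(f"{reason:12} {name} -> {value}")
```

Run against a full zone export on a schedule, the same check catches records left behind when an instance is torn down, so the record can be deleted before the address is reassigned.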