HerokuDNS can’t be Takeover any more ( Edge Case )

39 sec read

In jan 2019 Heroku have update all DNS of Domains and Subdomains for all users.
Last years in Heroku when you try to add your subdomain or your domain you will
get directly cname

Old takeover explain :
Last years When you added this subdomain ex : example.wehitharder.com to your heroku app
You will get this custom cname from Heroku example.wehitharder.com.herokudns.com
So it will be easy to takeover it casue you will add the vulnerable subdomain directly to the app error dns ..
Example this report by Mohamed Haron Shipit Subdomain Takeover
Steps here : https://www.mohamedharon.com/2018/08/Shipttakeover.html

Now if you tried to add the same subdomain example.wehitharder.com
you will get a Random Cname example like this pic

So This will be Hard to Takeover any more ..

The Edge case here :

Takeover is still in Herokuapp.com if the cname is directly connected to subdomain ex : wehitharderapp.wehitharder.com has a Cname : wehitharderapp.herokuapp.com and this error shown in the subdomain directly

so yes it can be takeover by creating new app name wehitharderapp at your dashboard

How I Found and Reporting Vulnerabilities to AntiHack.me by…

ABSTRACT AntiHack.me is a Singaporean Bug Bounty Platform site. After seeing this platform well known, I decided to create an account there. After successfully...
2 min read

Leave a Reply

Your email address will not be published. Required fields are marked *