Souq.com Subdomain Takeover via jazzhr.com service


Program: Souq

Vulnerability: Subdomain Takeover

Impact: High

jobs.souq.com was vulnerable to subdomain takeover via the jazzhr.com service.

When I visited jobs.souq.com, it showed me an error (fingerprint).

So I started by looking at the CNAME.

jobs.souq.com had a CNAME to souq.applytojob.com.

So I went directly to the service provider, and they allowed me to take the CNAME souq.applytojob.com.

jobs.souq.com did not allow me to connect it directly; it seems there was a bug!

After 1 day I noticed that the subdomain had been connected to the CNAME on some paths, for example: /app/share/

Funny thing: someone applied to a fake security job! 😀

Timeline
2019-02-04: Bug reported
2019-01-05: Fixed with no comments 
2019-01-06: Closed as Informative ! 
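
A defender-side check for the condition described in this post, as an added example that is not part of the original write-up: it walks an organisation's own CNAME inventory, picks out names delegated to a third-party service (applytojob.com is the one named in the post), and probes more than one path, since the post notes the subdomain was only served on some paths such as /app/share/. The unclaimed-page marker is a placeholder because the post does not quote the error text, and the hostnames, `audit` and `sample_fetch` are constructed for illustration.

```python
from typing import Callable, Dict, List, Tuple

# Third-party suffixes to watch; applytojob.com is the one named in the post.
SAAS_SUFFIXES = ("applytojob.com",)
# Placeholder: the post does not quote the provider's error text.
UNCLAIMED_MARKER = "<PROVIDER-UNCLAIMED-PAGE-TEXT>"
# Probe more than "/": the post saw the mapping only on some paths.
PATHS = ("/", "/app/share/")

Fetch = Callable[[str, str], Tuple[int, str]]  # (host, path) -> (status, body)


def points_to_saas(cname: str) -> bool:
    """True if the CNAME target is the suffix itself or a label under it."""
    name = cname.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in SAAS_SUFFIXES)


def audit(cnames: Dict[str, str], fetch: Fetch) -> List[dict]:
    """Return our hostnames whose SaaS-hosted page looks unclaimed."""
    findings = []
    for host, target in sorted(cnames.items()):
        if not points_to_saas(target):
            continue  # not delegated to a watched third party
        hits = [p for p in PATHS if UNCLAIMED_MARKER in fetch(host, p)[1]]
        if hits:
            findings.append(
                {"host": host, "cname": target.rstrip("."), "paths": hits})
    return findings


# Constructed inventory (hostname -> CNAME target), not real records.
SAMPLE_CNAMES = {
    "jobs.example.test": "example.applytojob.com.",
    "careers.example.test": "live.applytojob.com.",
    "www.example.test": "cdn.example.test.",
    "shop.example.test": "notapplytojob.com.",  # suffix look-alike, ignored
}


def sample_fetch(host: str, path: str) -> Tuple[int, str]:
    """Constructed stand-in for an HTTP GET so the example runs offline."""
    if host == "jobs.example.test":
        return 404, f"<html>{UNCLAIMED_MARKER}</html>"
    return 200, "<html>ok</html>"


if __name__ == "__main__":
    for finding in audit(SAMPLE_CNAMES, sample_fetch):
        print(finding)
```

In a real audit, `fetch` would wrap an HTTP client and `cnames` would come from a zone export; a finding means the DNS record should be removed or the account at the provider reclaimed.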