Subdomain Takeover

Subdomain takeover is a form of cyberattack in which an attacker gains control over a subdomain of a target domain. An attacker’s objectives in a subdomain takeover might include serving content on the vulnerable subdomain, reading cookies from the primary domain, performing cross-site scripting, or circumventing the primary domain’s content security policies. Subdomain takeover attacks most often happen when the subdomain has a canonical name (i.e., a CNSME) in the DNS record, but no host provides content. For example, this situation can happen when setting up or removing a subdomain if the content has not yet been published or removed (without also removing the CNAME reference). Under these circumstances, an attacker can execute a subdomain takeover by providing their own virtual host and then hosting their own content for it.

Want to learn more? Check out our FREE Bugcrowd University to sharpen your hacking skills.

Organizations the world over need your help! Join our researcher community to connect with hundreds of organization programs focused on finding their security vulnerabilities. Our vast directory includes programs for all skill levels, across many industries and from around the world.