Lucene search

K
hackeroneFthacker101H1:1646554
HistoryJul 22, 2022 - 1:00 p.m.

Invision Power Services, Inc.: support.invisionpower.com takeover the subdomain with Zendesk

2022-07-2213:00:17
fthacker101
hackerone.com
16
invision power services
zendesk
subdomain takeover

The subdomain at https://support.invisionpower.com has an unclaimed CNAME record ( ipscommunity.zendesk.com ). I checked the username availability in the signup process at Zendesk, it was observed that the subdomain is vulnerable to a subdomain takeover which allows an attacker could exploit such a situation by registering the expired sub domain and setting up a phishing page that mimics the company’s main support website.

Impact

Subdomain takeover can be abused to do several things like :
Malware distribution
Phishing / Spear phishing
XSS
Authentication bypass
Legitimate mail sending and receiving on behalf of the ford subdomain
…
The list goes on and on.