Trello: Subdomain takeover & username enumeration

2016-09-26T06:45:50
ID H1:172024
Type hackerone
Reporter mubassir92
Modified 2016-09-26T17:44:38

Description

Bug #1

The IP of the domain is not associated with an account on wpengine.com; an attacker can sign up there and take over the subdomain by using this IP. Check the error message by visiting the domain's IP; it says:

This domain is successfully pointed at WP Engine, but is not configured for an account on our platform.

If you just signed up, we're still likely creating your account. Did you add this domain to your install? Did you point DNS to the correct IP address or CNAME?

If you've completed the steps above, or need more help, please contact us and we can help get your site up and running in no time.

http://104.198.231.76/ ======== https://br.blog.trello.com
http://130.211.192.231/ ======== blog.trello.com
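The condition described in Bug #1 (a host in your own zone resolving to a hosting provider that serves its "not configured for an account" page) can be audited from the defender's side. The following is an added example, not code from the report or from Trello/WP Engine: it takes a zone export you own, fetches each host, and flags any response that carries the unclaimed-domain message quoted above. The hostnames, IPs and response bodies are constructed samples; the `fetch` callable is injected so the audit runs offline, and `http_fetch` is the live stand-in.

```python
"""Audit a zone's own DNS records for hosts that point at a hosting
provider but are not claimed there (the dangling-record condition)."""
import urllib.request
from typing import Callable, Dict, List, Tuple

# Text the provider serves when a domain points at it but no account owns
# that domain (the message quoted in the report).
UNCLAIMED_FINGERPRINTS = {
    "wpengine": "is successfully pointed at WP Engine, but is not configured for an account",
}


def classify_body(body: str) -> str:
    """Return the provider key whose unclaimed-domain message appears in body, or '' if none."""
    for provider, needle in UNCLAIMED_FINGERPRINTS.items():
        if needle in body:
            return provider
    return ""


def http_fetch(host: str, timeout: float = 5.0) -> str:
    """Fetch http://host/ and return the body, decoded leniently.
    Any error yields an empty body so one dead host cannot abort the audit."""
    try:
        with urllib.request.urlopen(f"http://{host}/", timeout=timeout) as resp:
            return resp.read().decode("utf-8", errors="replace")
    except Exception:
        return ""


def audit_zone(records: List[Tuple[str, str]],
               fetch: Callable[[str], str]) -> List[Dict[str, str]]:
    """records: (hostname, target) pairs exported from the zone you own.
    fetch: hostname -> response body (injected so the check can run offline).
    Returns one finding per host whose response carries an unclaimed-domain message."""
    findings = []
    for host, target in records:
        provider = classify_body(fetch(host))
        if provider:
            findings.append({"host": host, "target": target, "provider": provider})
    return findings


# Constructed sample zone export and canned responses standing in for live HTTP
# (hostnames and IPs are placeholders, not values from the report).
SAMPLE_RECORDS = [
    ("blog.example.com", "203.0.113.10"),
    ("br.blog.example.com", "203.0.113.11"),
    ("www.example.com", "203.0.113.12"),
]
SAMPLE_BODIES = {
    "blog.example.com": "<h1>Welcome</h1><p>This domain is successfully pointed at WP Engine, "
                        "but is not configured for an account on our platform.</p>",
    "br.blog.example.com": "<html><body>Our blog, in Portuguese.</body></html>",
    "www.example.com": "<html><body>Corporate site</body></html>",
}


def sample_findings() -> List[Dict[str, str]]:
    """Run the audit over the constructed sample with an offline fetcher."""
    return audit_zone(SAMPLE_RECORDS, lambda h: SAMPLE_BODIES.get(h, ""))


if __name__ == "__main__":
    for f in sample_findings():
        print(f"{f['host']} -> {f['target']}: unclaimed at {f['provider']}; "
              f"claim the domain on the platform or remove the record")
    # For a live run over your own zone: audit_zone(records, http_fetch)
```

The remediation for each finding is the same either way: either finish configuring the domain on the provider's account or delete the DNS record, so that no one else can claim it.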

Bug #2

Username enumeration

PoC: https://www.owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002)

http://blog.trello.com is vulnerable to username enumeration; here are the usernames of wp-admin:

ID  User         Login
1   admin        admin
2   Dan Ostlund  dan

WordPress allows password brute forcing, and there are different tools on the net to brute force WordPress passwords, such as WPScan.
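Once usernames are known, the brute-force risk noted above shows up in the web server log as bursts of POSTs to wp-login.php from one source. The following is an added detection example, not code from the report or from WordPress: it parses combined-format access log lines and flags any client IP with at least `threshold` failed logins inside a sliding window. The log lines are constructed samples (placeholder IPs), and the failure heuristic relies on WordPress answering a rejected login by re-rendering the form with HTTP 200 while a successful login redirects with 302.

```python
"""Flag WordPress login brute forcing from access log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, List, Optional, Tuple

# Apache/nginx combined log format; timestamp is %d/%b/%Y:%H:%M:%S %z.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line: str) -> Optional[Tuple[str, datetime, str, str, int]]:
    """Return (ip, timestamp, method, path, status) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))


def is_failed_login(method: str, path: str, status: int) -> bool:
    # WordPress re-renders the login form with 200 on a bad password and
    # redirects (302) on success, so a 200 to a POST is treated as a failure.
    return method == "POST" and path.split("?")[0].endswith("/wp-login.php") and status == 200


def detect_bruteforce(lines: List[str], threshold: int = 5, window_s: int = 60) -> Dict[str, int]:
    """Return {ip: peak number of failed logins seen within any window_s-second
    sliding window} for every ip whose peak reaches threshold. Lines are
    expected in log (chronological) order."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    peaks: Dict[str, int] = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path, status = parsed
        if not is_failed_login(method, path, status):
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:  # drop events outside the window
            q.popleft()
        if len(q) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def _line(ip: str, hhmmss: str, method: str, path: str, status: int) -> str:
    # Build one constructed combined-format line for the sample below.
    return (f'{ip} - - [26/Sep/2016:{hhmmss} +0000] "{method} {path} HTTP/1.1" '
            f'{status} 3421 "-" "Mozilla/5.0"')


# Constructed sample: six rapid failures from one client, ordinary traffic elsewhere.
SAMPLE_LOG = [
    _line("203.0.113.5", "06:45:00", "GET", "/wp-login.php", 200),
    _line("203.0.113.5", "06:45:05", "POST", "/wp-login.php", 200),
    _line("203.0.113.5", "06:45:09", "POST", "/wp-login.php", 200),
    _line("198.51.100.7", "06:45:10", "POST", "/wp-login.php", 302),
    _line("203.0.113.5", "06:45:13", "POST", "/wp-login.php", 200),
    _line("203.0.113.5", "06:45:17", "POST", "/wp-login.php", 200),
    _line("198.51.100.7", "06:45:18", "GET", "/2016/09/post/", 200),
    _line("203.0.113.5", "06:45:21", "POST", "/wp-login.php", 200),
    _line("203.0.113.5", "06:45:25", "POST", "/wp-login.php", 200),
    "this line is garbage and should be skipped",
]


def sample_alerts() -> Dict[str, int]:
    """Run the detector over the constructed sample log."""
    return detect_bruteforce(SAMPLE_LOG)


if __name__ == "__main__":
    for ip, peak in sample_alerts().items():
        print(f"{ip}: {peak} failed wp-login.php POSTs within 60s, consider rate limiting or lockout")
```

In production the same logic feeds a lockout or rate-limit rule (at the web server, a WAF, or a login-limiting plugin); the threshold and window should be tuned against the site's normal failed-login rate before alerting on it.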