HackerOne report H1:2270082 by zacian (Dec 02, 2023 - 5:39 p.m.)

Deriv.com: Mailgun subdomain takeover

2023-12-02 17:39:15
zacian
hackerone.com
$100
22
mailgun
subdomain takeover
phishing
sensitive information
bug bounty

AI Score: 6.6 Medium (Confidence: High)

Summary:

I have found an unclaimed subdomain of deriv.cloud, which is successfully claimable.

Platform(s) Affected:

email.mailgun.deriv.cloud

Steps To Reproduce:

You just need a Mailgun account and then you can successfully claim this domain.

Supporting Material/References:

https://hackerone.com/reports/819309

Impact

Summary:

This subdomain takeover is very similar to other subdomain takeovers with just a few key differences:

  1. This will allow any user to use a free mail system. This can be very effective while phishing.
  2. Can reveal some very sensitive internal information about the Company which can lead to reputation and financial damage.
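The takeover described in this report works because the affected hostname's CNAME points at a mail provider that hands a custom domain to whichever account registers it first; the CNAME target itself keeps resolving, so the usual "does the target return NXDOMAIN" check never fires. The following is an added example (not code from the report, from Deriv, or from Mailgun) of a defender-side inventory check that covers both cases: the classic dangling CNAME whose target no longer resolves, and the claim-by-registration case where the record points at a provider but the subdomain is absent from the organisation's own provider account. The zone fragment, the provider table (including the `mailgun.org` suffix), the resolver and the set of registered domains are all constructed or assumed for the demonstration; in practice they come from your DNS export, a real resolver and the provider's account API.

```python
"""
Added example: detect subdomains whose CNAME points at a third-party service
the organisation does not (or no longer does) control.

Everything below is constructed for the demo: the zone, the provider table,
the fake resolver and the inventory of domains registered with each provider.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Provider:
    name: str
    # True when the provider gives the hostname to the first account that
    # registers it, so a resolving CNAME target proves nothing about ownership.
    claim_by_registration: bool


# Assumed mapping of CNAME target suffixes to providers (demo values).
PROVIDERS: dict[str, Provider] = {
    "mailgun.org": Provider("Mailgun", True),
    "hosting.example.net": Provider("ExampleHost", False),  # constructed
}


@dataclass
class Finding:
    name: str
    target: str
    provider: str
    reason: str


def parse_zone(text: str) -> list[tuple[str, str, str]]:
    """Parse BIND-style 'name [TTL] [IN] TYPE rdata' lines; skip comments."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 4:
            continue  # not a full resource record line
        name, rtype, rdata = parts[0], parts[-2], parts[-1]
        records.append((name.rstrip(".").lower(), rtype.upper(), rdata.rstrip(".").lower()))
    return records


def provider_for(target: str) -> Optional[tuple[str, Provider]]:
    """Return (suffix, provider) if the CNAME target lies in a known provider zone."""
    for suffix, prov in PROVIDERS.items():
        if target == suffix or target.endswith("." + suffix):
            return suffix, prov
    return None


def find_dangling(
    records: list[tuple[str, str, str]],
    resolve: Callable[[str], Optional[list[str]]],
    registered: dict[str, set[str]],
) -> list[Finding]:
    """Flag CNAMEs into provider zones that are unresolvable or unregistered."""
    findings = []
    for name, rtype, target in records:
        if rtype != "CNAME":
            continue
        hit = provider_for(target)
        if hit is None:
            continue
        _, prov = hit
        if resolve(target) is None:
            findings.append(Finding(name, target, prov.name,
                                    "CNAME target does not resolve (NXDOMAIN)"))
        elif prov.claim_by_registration and name not in registered.get(prov.name, set()):
            findings.append(Finding(name, target, prov.name,
                                    "not registered in our provider account; claimable by any account"))
    return findings


# Constructed zone fragment for the demo.
ZONE = """
; constructed records
email.example.com.      300 IN CNAME mailgun.org.
mg-old.example.com.     300 IN CNAME mailgun.org.
www.example.com.        300 IN CNAME web.hosting.example.net.
old.example.com.        300 IN CNAME gone.hosting.example.net.
api.example.com.        300 IN A     203.0.113.10
"""

# Fake resolver: names absent from this table return None (NXDOMAIN).
FAKE_DNS = {
    "mailgun.org": ["198.51.100.1"],
    "web.hosting.example.net": ["198.51.100.2"],
}


def fake_resolve(name: str) -> Optional[list[str]]:
    return FAKE_DNS.get(name)


# Constructed inventory: domains our own Mailgun account has registered.
REGISTERED = {"Mailgun": {"email.example.com"}}


def demo() -> list[Finding]:
    return find_dangling(parse_zone(ZONE), fake_resolve, REGISTERED)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.name} -> {f.target} [{f.provider}]: {f.reason}")
```

Run against the constructed zone, the check flags `mg-old.example.com` (points at Mailgun but is not in our account, the pattern in this report) and `old.example.com` (target gone), while `email.example.com` passes only because the inventory confirms it is registered. The second condition is the one that matters for providers like the one here; a resolver-only check would have reported nothing.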
