Subdomain Takeover using pointing to Hubspot

ID H1:38007
Type hackerone
Reporter fransrosen
Modified 2015-02-26T13:51:15



Your subdomain is pointing to the service called Hubspot. However, your account at Hubspot has expired or has been cancelled. This basically means that anyone can claim your subdomain pointing to Hubspot and create their own site at this URL. This is EXTREMELY dangerous as whatever the attacker wants can be placed on this domain. This is also a foolproof phishing attack since no one would be able to verify that this is not a legit form.

I have temporarily claimed this domain for PoC. You should immediately remove the DNS-entry for pointing to Hubspot.

And since I'm able to run JavaScript at Hubspot, I'm able to do whatever I like on that domain, e.g. creating a login form that would fool anyone, since it's present on a domain.

$ host is an alias for is an alias for


PoC-images attached.

As you might understand, this is really bad. Foolproof phishing. XSS on Potential malware spread through a domain you - in this case - do not control. Extremely painful for the company brand.

Please make sure you're always going through your DNS entries so no subdomains are pointing to external services you do not use.

We've written an advisory about this at Detectify:

Where you can read more about this sort of attack.

Regards, Frans Rosén
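As an added example (not part of the report, and not Detectify's or HackerOne's tooling), here is an offline check of the kind the recommendation above describes: walk each subdomain's CNAME chain from a zone snapshot and flag aliases that end at a third-party hosting service for which no active account exists. The zone records, provider suffixes and account inventory are constructed placeholders, not Hubspot's real hostnames.

```python
"""Offline dangling-CNAME audit. Added example; all names below are
constructed placeholders, not HackerOne's or Hubspot's real records."""
from typing import Dict, List, Optional, Tuple

# Constructed CNAME snapshot (what `host` would print): name -> alias target,
# None marks a terminal record (A/AAAA) that is not an alias.
ZONE: Dict[str, Optional[str]] = {
    "marketing.example.com.": "example.hs-sites.invalid.",
    "www.example.com.": "web.example.com.",
    "web.example.com.": None,
    "blog.example.com.": "pages.hosting-provider.invalid.",
    "loop.example.com.": "loop2.example.com.",
    "loop2.example.com.": "loop.example.com.",
}
# Constructed suffixes of providers that hand a hostname to whoever claims it.
THIRD_PARTY_SUFFIXES = (".hs-sites.invalid.", ".hosting-provider.invalid.")
# Constructed inventory of provider targets the organisation still pays for.
ACTIVE_ACCOUNTS = {"pages.hosting-provider.invalid."}


def follow_cname(name: str, zone: Dict[str, Optional[str]],
                 max_hops: int = 10) -> Tuple[List[str], bool]:
    """Return (chain, ok): the alias chain from name to its terminal target.
    A target absent from the zone is external and ends the chain; ok is
    False on a loop or when max_hops is exceeded."""
    chain, seen = [name], {name}
    while len(chain) <= max_hops:
        target = zone.get(chain[-1])
        if target is None:
            return chain, True
        if target in seen:
            return chain + [target], False
        seen.add(target)
        chain.append(target)
    return chain, False


def audit_zone(zone: Dict[str, Optional[str]], suffixes, active) -> Dict[str, str]:
    """Classify every name: 'dangling' when its chain ends at a third-party
    service with no matching active account (takeover candidate). Note this
    relies on the account inventory; a live check would also probe the
    target for the provider's 'site not found' response."""
    findings = {}
    for name in zone:
        chain, ok = follow_cname(name, zone)
        terminal = chain[-1]
        if not ok:
            findings[name] = "broken-chain"
        elif any(terminal.endswith(s) for s in suffixes):
            findings[name] = "third-party-active" if terminal in active else "dangling"
        else:
            findings[name] = "internal"
    return findings
```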