Shipt: Subdomain Takeover at test.shipt.com

2018-07-28T01:03:54
ID H1:387760
Type hackerone
Reporter m7mdharoun
Modified 2018-08-02T16:59:15

Description

A researcher identified a stale DNS record that pointed to an abandoned test Heroku instance. This allowed for subdomain takeover. This was not an actively used subdomain and was not linked in any of our production applications. Nonetheless, Shipt Security immediately addressed the issue and awarded the researcher an appropriate bounty.

Full disclosure on my blog :) Enjoy: https://www.mohamedharon.com/2018/08/Shipttakeover.html