Shopify: Domain takeover - https://sellocdn.com

2015-10-27T06:02:48
ID H1:96007
Type hackerone
Reporter uname
Modified 2015-11-03T08:16:23

Description

Hi,

While performing some DNS recon activities, I identified the following domain, sellocdn.com, owned and operated by Shopify (see whois below). The DNS record is pointing to Heroku, but it hasn't been claimed on Heroku. This would allow a malicious user to log in to Heroku and claim the domain, and host malicious content of their choosing on http://sellocdn.com.

I understand that this is out of scope, but I thought I would point it out since I found it.

Registry Registrant ID:
Registrant Name: Shopify Hostmaster
Registrant Organization: Shopify Inc.
Registrant Street: 126 York St. 200
Registrant City: Ottawa
Registrant State/Province: ON
Registrant Postal Code: K1N 5T5
Registrant Country: CA
Registrant Phone: +1.(613) 241-2828
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: domains@shopify.com

PoC - navigate to http://sellocdn.com
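
The condition this report describes (a DNS record pointing to Heroku for a domain that is not claimed there) can be caught by reconciling a zone export against the custom domains attached to the organisation's own hosting account. The following is an added example, not part of the original report; the zone lines, the claimed-domain set and the provider suffix list are constructed assumptions.

```python
# Added example: flag DNS records that point at the hosting provider but are
# not claimed on the organisation's own account. All sample data is constructed.

# Assumption: DNS target suffixes that indicate a Heroku-hosted name.
PROVIDER_SUFFIXES = (".herokuapp.com", ".herokudns.com")

# Constructed zone export (BIND style: name TTL class type target).
ZONE = """\
; constructed sample zone for example.com
www.example.com.     300 IN CNAME  shop-prod.herokuapp.com.
cdn.example.com.     300 IN CNAME  old-cdn.herokuapp.com.
assets.example.com.  300 IN ALIAS  assets.example.com.herokudns.com.
mail.example.com.    300 IN CNAME  mx.mailhost.example.
api.example.com.     300 IN A      192.0.2.10
"""

# Constructed inventory: custom domains currently attached to apps on the account.
CLAIMED = {"www.example.com", "assets.example.com"}


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def parse_zone(text):
    """Yield (name, rtype, target) per record line, skipping ';' comments."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) >= 5 and fields[2].upper() == "IN":
            yield norm(fields[0]), fields[3].upper(), norm(fields[4])


def find_dangling(zone_text, claimed):
    """Return alias-type records aimed at the provider but absent from claimed."""
    claimed = {norm(c) for c in claimed}
    findings = []
    for name, rtype, target in parse_zone(zone_text):
        if rtype not in ("CNAME", "ALIAS", "ANAME"):
            continue  # address records need a separate IP-range check
        on_provider = ("." + target).endswith(PROVIDER_SUFFIXES)
        if on_provider and name not in claimed:
            findings.append((name, rtype, target))
    return findings


if __name__ == "__main__":
    for name, rtype, target in find_dangling(ZONE, CLAIMED):
        print(f"DANGLING {name} {rtype} -> {target}: remove record or claim domain")
```

Each finding is resolved by deleting the stale record or by attaching the domain to an application the organisation controls.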