Udemy: [engineering.udemy.com] - Subdomain Takeover (ghost.io)

Hi Security Team, Found that DNS record of engineering.udemy.com domain was pointing to inactive ghost.io instance. So when we visit https://engineering.udemy.com we will be notified that site doesn't exist. F310092 $ host engineering.udemy.com engineering.udemy.com is an alias for...

Brave Software: Brave: Admin Panel Access

Steps to reproduce While browsing through the https://blog.brave.com/admin, it is getting redirected to a admin login panel https://brave.ghost.io/ghost/signin/. Consequence An attacker can easily enumerate this admin panel with the url such as https://blog.brave.com/admin and with brute force...