When a DNS wildcard is used in a domain, any requested subdomain of that domain that doesn't explicitly have a different address will be resolved to the same information. This could be an A IP address, a CNAME...
For example, if *.testing.com is wildcarded to 1.1.1.1, then not-existent.testing.com will be pointing to 1.1.1.1.
However, if instead of pointing to an IP address, the sysadmin points it to a third-party service via CNAME, like a GitHub subdomain for example (sohomdatta1.github.io), an attacker could create his own third-party page (on GitHub in this case) and say that something.testing.com is pointing there. Because the CNAME wildcard will agree, the attacker will be able to generate arbitrary subdomains for the domain of the victim pointing to his pages.
From https://book.hacktricks.xyz/pentesting-web/domain-subdomain-takeover:
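The following is an added example, not part of this issue or of the HackTricks page: an offline audit that shows how the wildcard described above answers for names nobody created, and flags wildcard CNAMEs that hand those names to a third-party host. The zone records are constructed, the wildcard matching is a simplified form of RFC 4592, and the `THIRD_PARTY_SUFFIXES` list is an assumption to extend for your own providers.

```python
# Added example: offline audit of a constructed zone for wildcard CNAMEs.
# Wildcard matching is a simplified form of RFC 4592 (one record per name).

# Assumption: suffixes of third-party hosting where tenants choose the hostname.
THIRD_PARTY_SUFFIXES = ("github.io",)

# Constructed sample records: (owner name, type, value).
ZONE = [
    ("testing.com", "A", "1.1.1.1"),
    ("www.testing.com", "A", "1.1.1.1"),
    ("*.dev.testing.com", "A", "1.1.1.1"),
    ("*.testing.com", "CNAME", "sohomdatta1.github.io"),
]


def resolve(name, records):
    """Return (type, value, via_wildcard) for name, or None if nothing matches."""
    by_name = {owner: (rtype, value) for owner, rtype, value in records}
    name = name.lower().rstrip(".")
    if name in by_name:  # an explicit record always wins over a wildcard
        return (*by_name[name], False)
    labels = name.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if "*." + parent in by_name:  # wildcard directly under this ancestor
            return (*by_name["*." + parent], True)
        if parent in by_name:  # ancestor exists explicitly: wildcards above it do not apply
            break
    return None


def audit_wildcards(records):
    """List (owner, target) for wildcard CNAMEs that point at third-party hosting."""
    findings = []
    for owner, rtype, value in records:
        target = value.lower().rstrip(".")
        third_party = any(target == s or target.endswith("." + s)
                          for s in THIRD_PARTY_SUFFIXES)
        if owner.startswith("*.") and rtype == "CNAME" and third_party:
            findings.append((owner, target))
    return findings


if __name__ == "__main__":
    for probe in ("www.testing.com", "not-existent.testing.com", "x.dev.testing.com"):
        print(probe, "->", resolve(probe, ZONE))
    for owner, target in audit_wildcards(ZONE):
        print(f"REVIEW: {owner} is a wildcard CNAME to third-party host {target}")
```

A flagged record is a candidate for replacement with explicit per-host CNAMEs, so that only names the zone owner created resolve to the third-party service.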