Subdomain takeover



Subdomain takeover is a vulnerability that allows an attacker to take control of a subdomain.


Consider an example, is using some 3rd party service like (Heroku, Github Pages, Zendesk, Freshdesk, etc.)

so, this mapping is done using CNAME DNS Record CNAME

Later, for some reason, the company decided to stop using that service.

But the DNS record still exists.

So, If someone visits, It will show some Error page depending on It may show that 404: Not Found Error or it may show is available to register!

Now, the Attacker goes to and register

Then, because of DNS record is not deleted/updated, will map to!

Thus, the Attacker will have complete control over


An attacker can use this vulnerability to damage the image of the organization.

It can be used to bypass the Cross-Origin Resource Sharing (CORS) Policy, which can lead to stealing data from an authenticated user on the main domain.

When subdomains have been whitelisted in the OAuth configuration, OAuth tokens can be leaked.


  • Remove or update the DNS record when you stop using such an external service.
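
One way to put this cleanup into practice is to audit a zone export for CNAME records that still point at an external service the organization no longer holds. The following is an added example, not part of the original page: the zone data, the `example.test` names, the inventory set and the provider suffix list are all constructed assumptions.

```python
# Suffixes for the services the article names (assumed provider hostname patterns).
SERVICE_SUFFIXES = {
    "herokuapp.com": "Heroku",
    "github.io": "GitHub Pages",
    "zendesk.com": "Zendesk",
    "freshdesk.com": "Freshdesk",
}

# Constructed zone export, one record per line: <name> <ttl> IN <type> <value>
ZONE = """\
; example.test zone (constructed sample)
www.example.test.   300 IN A     192.0.2.10
shop.example.test.  300 IN CNAME example-shop.herokuapp.com.
docs.example.test.  300 IN CNAME Example-Docs.GitHub.io.
help.example.test.  300 IN CNAME example.zendesk.com.
cdn.example.test.   300 IN CNAME edge.example.test.
"""

# Constructed inventory of external hostnames the organization still controls.
ACTIVE = {"example-shop.herokuapp.com"}

def normalize(host):
    """Compare hostnames case-insensitively and without the trailing root dot."""
    return host.rstrip(".").lower()

def parse_cnames(zone_text):
    """Yield (name, target) for every CNAME record, skipping comments."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) == 5 and fields[3].upper() == "CNAME":
            yield normalize(fields[0]), normalize(fields[4])

def service_for(target):
    """Return the service name if target sits under a known provider suffix."""
    for suffix, name in SERVICE_SUFFIXES.items():
        if target == suffix or target.endswith("." + suffix):
            return name
    return None

def find_dangling(zone_text, active_targets):
    """List CNAMEs that point at a provider hostname missing from the inventory."""
    active = {normalize(t) for t in active_targets}
    return [(n, t, service_for(t)) for n, t in parse_cnames(zone_text)
            if service_for(t) and t not in active]

if __name__ == "__main__":
    for name, target, service in find_dangling(ZONE, ACTIVE):
        print(f"REVIEW {name} -> {target} ({service}): not in active inventory")
```

Each flagged record should either be deleted or repointed; a record whose target is in the inventory or stays inside the organization's own zone is left alone.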