[go: up one dir, main page]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keycdn (kxcdn.com) is not vulnerable for subdomain takeover #112

Closed
mzet- opened this issue Sep 9, 2019 · 3 comments
Closed

Keycdn (kxcdn.com) is not vulnerable for subdomain takeover #112

mzet- opened this issue Sep 9, 2019 · 3 comments
Labels
not vulnerable Someone has made it very clear that this service is not vulnerable to subdomain takeovers.

Comments

@mzet-
Copy link
mzet- commented Sep 9, 2019

Service name

Content delivery, simplified (https://www.keycdn.com/).

Documentation

It seems that there is no way to claim dangling CNAME record to kxcdn.com entry. As record of kxcdn.com has following structure:

<user-provided-input>-<keycdn-user-ID>.kxcdn.com

attacker has only control of the first part of the entry (i.e. <user-provided-input>) second part is (<keycdn-user-ID>) is assigned by the KeyCdn during registration.
@codingo codingo added the not vulnerable Someone has made it very clear that this service is not vulnerable to subdomain takeovers. label Sep 9, 2019
@codingo codingo mentioned this issue Sep 9, 2019
Merged
@codingo
Copy link
Collaborator
codingo commented Sep 9, 2019

Closed with #113

@codingo codingo closed this as completed Sep 9, 2019
@codingo
Copy link
Collaborator
codingo commented Sep 9, 2019

Also thank-you @mzet-, I was rushing and should have said that initially. This is very appreciated though!

@Steiner-254
Copy link

haha..nice

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
not vulnerable Someone has made it very clear that this service is not vulnerable to subdomain takeovers.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@codingo @mzet- @Steiner-254