bug-bounty448
google354
microsoft311
facebook262
xss238
apple179
malware174
rce149
exploit124
bragging-post101
cve99
account-takeover93
phishing83
csrf79
privilege-escalation77
supply-chain65
stored-xss65
authentication-bypass63
dos60
browser57
reflected-xss57
react50
cloudflare49
cross-site-scripting48
reverse-engineering48
input-validation48
access-control47
aws45
docker45
smart-contract45
node44
sql-injection43
ethereum43
web343
defi42
web-security42
web-application41
ssrf38
burp-suite35
idor34
vulnerability-disclosure34
info-disclosure33
race-condition33
html-injection33
cloud32
writeup32
oauth32
buffer-overflow32
smart-contract-vulnerability32
information-disclosure30
0
4/10
Researcher discovered a subdomain takeover vulnerability in Bugcrowd's bugcrowdtrafficcontrol.com domain by exploiting misconfigured DNS pointing to Fastly and Pantheon services, allowing registration of the domain in his own CDN account. The vulnerability was reported to Bugcrowd and closed as N/A despite receiving a $600 bounty.
subdomain-takeover
dns-misconfiguration
fastly
cloudfront
pantheon
domain-takeover
cdn-misconfiguration
bug-bounty
bragging-post
Bugcrowd
bugcrowdtrafficcontrol.com
Fastly
CloudFront
Pantheon
Cloudflare
MuhammadKhizerJaved
0
3/10
bug-bounty
A subdomain takeover vulnerability was discovered on a Pantheon-hosted domain where an unclaimed subdomain displaying 'Unknown Site' could be claimed by registering a Pantheon account and routing a sandbox domain to the vulnerable subdomain, allowing content injection.
Pantheon
Donald J Trump