When it comes to Amazon Web Services (AWS), both S3 and CloudFront lack domain validation. If a domain has a DNS entry pointing to either S3 or CloudFront but the domain is not actually claimed in S3 or CloudFront, it’s possible for anyone to claim the domain and serve their own content on the domain using these two AWS services. We will explain another problem with the lack of domain verification, combining trailing dot domains, conflict checks and how SSL common name matching works today.
MSN is vulnerable to this, as shown below. As we’ve said before, check and validate all your DNS Resource Records immediately. After our previous blog advisory about the subdomain takeover, we were contacted by Szymon Gruszecki, an independent security researcher and a frequent reporter in the Facebook White Hat Bug Bounty. Kickstarted by our advisory, he got in touch with us explaining a different method, together with a live PoC.
Hackers can claim subdomains with the help of external services. This attack is practically non-traceable and affects at least 17 large service providers and multiple domains. Find out if you are one of them by using our quick tool, or go through your DNS entries and remove every one that is still active but unused, or that points to an external service you no longer use.
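One way to run that DNS review for the two AWS services discussed here, as an added example that is not part of the original post or the quick tool it mentions: it flags CNAME records that point at S3 or CloudFront while the hostname is not claimed in your own account. The function names, the zone rows and the two inventories are constructed for illustration; in practice the bucket list and CloudFront alternate domain names would come from your own AWS account.

```python
def norm(name):
    """Lower-case and drop the trailing root dot: 'A.example.com.' -> 'a.example.com'."""
    return name.strip().lower().rstrip(".")

def service_of(target):
    """Return 's3', 'cloudfront' or None for a CNAME target (suffix heuristic)."""
    t = norm(target)
    if t.endswith(".cloudfront.net"):
        return "cloudfront"
    # Covers bucket.s3.amazonaws.com and regional / website endpoint forms.
    if t.endswith(".amazonaws.com") and any(
            label == "s3" or label.startswith("s3-") for label in t.split(".")):
        return "s3"
    return None

def find_dangling(records, buckets, cf_aliases):
    """records: (name, type, target) rows from a zone export.
    A hostname CNAMEd to S3 must equal a bucket we own; one CNAMEd to
    CloudFront must be an alternate domain name on one of our distributions."""
    claimed = {"s3": {norm(b) for b in buckets},
               "cloudfront": {norm(a) for a in cf_aliases}}
    findings = []
    for name, rtype, target in records:
        if rtype.upper() != "CNAME":
            continue
        svc = service_of(target)
        if svc and norm(name) not in claimed[svc]:
            findings.append((norm(name), svc, norm(target)))
    return findings

# Constructed sample data (not real records).
ZONE = [
    ("www.example.com.", "CNAME", "d111111abcdef8.cloudfront.net."),
    ("assets.example.com.", "CNAME",
     "assets.example.com.s3-website-us-east-1.amazonaws.com."),
    ("old-promo.example.com.", "CNAME", "old-promo.example.com.s3.amazonaws.com."),
    ("Cdn.Example.com", "CNAME", "d222222abcdef8.cloudfront.net"),
    ("mail.example.com.", "MX", "10 mx.example.net."),
    ("shop.example.com.", "CNAME", "shops.example.net."),
]
BUCKETS = ["assets.example.com"]      # assumed: buckets in our account
CF_ALIASES = ["www.example.com"]      # assumed: our CloudFront alternate names

if __name__ == "__main__":
    for host, svc, target in find_dangling(ZONE, BUCKETS, CF_ALIASES):
        print(f"UNCLAIMED {svc:<10} {host} -> {target}")
```

Each flagged record should either be removed from DNS or have its hostname claimed in your own account.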