Hijacking of abandoned subdomains part 2


MSN is vulnerable to this as per below. As we’ve said before, check and validate all your DNS Resource Records immediately. After our previous blog advisory about the subdomain takeover, we were contacted by Szymon Gruszecki, an independent security researcher and a frequent reporter in the Facebook White Hat Bug Bounty. Kickstarted by our advisory, he got in touch with us explaining a different method, together with a live PoC.