Subdomain Takeover Examples Subdomain takeover, which I usually come across on large sites with a great many subdomains, is a vulnerability that lets you take over a subdomain because of configuration errors in the panel of services such as Amazon S3, GitHub, CloudFront and WordPress when a site uses those services.
Greetings, Explanation A one-time password (OTP) is a type of password that is valid for only one use. It provides stronger protection than static passwords, which remain the same for multiple login sessions. In brief, it’s indispensable for security. OTP is divided into two;
Greetings, Summary I tested XSS on the Intel main domain, then the “inter_searchTerm” parameter came out. This situation made me suspicious. I tried some XSS payloads in this parameter and I found. I noticed that when I viewed the HTTP header information, it was SQL injection. This cookie parameter affected the whole domain because it is in all subdomains.
Greetings, Summary The vulnerability allows you to confirm a phone number or mail that you own or not. So you have bypassed the two-factor authentication verification. Two-step verification must be active so the leak can occur. At the same time, the 2FA verification must be mandatory by the administrator.