Subdomain Takeover Via Flywheel

  • verification via TXT record
  • verification via a CNAME record
  • validation of domain via e-mail (code to be sent to e-mail visible in WHOIS records)
The Vulnerable Subdomain
The Subscription page
Creating Page
Final Step from Exploit.
The Subdomain After Exploit.
This IP belongs to flywheel

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store