Subdomain Takeover: via Unclaimed CNAME on WordPress

Halo guys, kali ini aku xzyhellsing, mau membahas kerentanan Subdomain Takeover di mana attacker bisa mengambil alih sebuah subdomain yang expired/unactive di Wordpress.com

Steps to Reproduce:

1. Subdomain yang didukung WordPress, katakanlah contohnya slebew.aweawe.com memiliki service fingerprint seperti ini:,

Error: Active domain connection

Something unexpected happened while accessing this website. It looks like it doesn’t have an active domain connection upgrade to link the requested domain name to the WordPress.com site.

If this is your domain name and it has recently stopped working, it's possible that your plan or domain may have expired. Please log in to your WordPress.com account and review the status of your plan and domain.

2. Selanjut nya masuk ke akun WordPress ke url ini: https://wordpress.com/start/domains/use-your-domain,

3. Hubungkan subdomain slebew.aweawe.com dengan membayar biaya langganan yang bisa connect domain.,

4. Setelah berhasil menghubungkan subdomain yang vulnerable, silahkan untuk menghost proof of concept nya contoh nya seperti ini : slebew.aweawe.com/namakalian.html,

Impact: Pengambilalihan subdomain yang disalahgunakan untuk beberapa tujuan:

• Distribusi malware.

• Phishing / Spear phishing.

• XSS.

Useful Resource/Reference:

• https://sapt.medium.com/wordpress-subdomain-takeover-on-bugcrowd-private-program-f59b5a0d74a7,

• https://www.hackerone.com/blog/guide-subdomain-takeovers-20,

• https://github.com/EdOverflow/can-i-take-over-xyz,

Semoga bermanfaat, Happy hunting 😎