Keycdn (kxcdn.com) is not vulnerable for subdomain takeover

Question

Keycdn (kxcdn.com) is not vulnerable for subdomain takeover

mzet- opened this issue 5 years ago · comments

Service name

Content delivery, simplified (https://www.keycdn.com/).

Documentation

It seems that there is no way to claim dangling CNAME record to kxcdn.com entry. As record of kxcdn.com has following structure:

<user-provided-input>-<keycdn-user-ID>.kxcdn.com

attacker has only control of the first part of the entry (i.e. <user-provided-input>) second part is (<keycdn-user-ID>) is assigned by the KeyCdn during registration.

Michael Skelton · Answer 1 · Mon Sep 09 2019 18:50:17 GMT+0800 (China Standard Time)

Closed with #113

Michael Skelton · Answer 2 · Mon Sep 09 2019 18:58:32 GMT+0800 (China Standard Time)

Also thank-you @mzet-, I was rushing and should have said that initially. This is very appreciated though!

Steiner254 · Answer 3 · Sat Sep 03 2022 23:35:31 GMT+0800 (China Standard Time)

haha..nice