Telecom Italia (TIM) - Azure subdomain takeover
Subdomain takeover is a known technique that has become popular in recent years with the rise of cloud providers. At the end of April I was able to take over the timcafe.tim.it subdomain, which belongs to the Telecom Italia network.

What is subdomain takeover?

Basically, subdomain takeover is the process of hijacking someone else's subdomain. Let's take an example. When a company, let's say contoso.com, hosts a web application on a cloud provider, it creates a cloud application that has a unique DNS name, for example myapp.cloudprovider.com. Then contoso.com wants to reach the web application from one of its subdomains, so it creates a Canonical Name (CNAME) record on its DNS servers for myapp.contoso.com; a CNAME record maps one domain name (an alias) to another (the canonical name). In this case myapp.contoso.com is mapped to myapp.cloudprovider.com. Now if you resolve the domain name, this will be the output:

myapp.contoso.com CNAME myapp.cloudprovider
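
An added example, not from the original post: a defender's audit that reads records in the notation used above, lists every CNAME whose canonical name leaves the company's own zone, and marks the ones whose target no longer resolves. The `shop`, `www` and `web` records and the `live` set standing in for DNS are constructed for illustration; failure to resolve is used here as a coarse signal only.

```python
import socket

# Constructed sample zone data in "name TYPE target" form, matching the
# notation used in the post. contoso.com and cloudprovider.com are the
# post's placeholder names; the other records are invented for the example.
SAMPLE_RECORDS = """
myapp.contoso.com    CNAME  myapp.cloudprovider.com
shop.contoso.com     CNAME  oldshop.cloudprovider.com
www.contoso.com      CNAME  web.contoso.com
web.contoso.com      A      192.0.2.10
"""

def parse_cnames(text):
    """Return (alias, canonical) pairs for every CNAME line."""
    pairs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[1].upper() == "CNAME":
            pairs.append((fields[0].lower().rstrip("."),
                          fields[2].lower().rstrip(".")))
    return pairs

def in_zone(name, zone):
    """True when name is the zone apex or a name underneath it."""
    return name == zone or name.endswith("." + zone)

def system_resolves(name):
    """Default check: does the name currently resolve to an address?"""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def audit(text, zone, resolves=system_resolves):
    """List CNAMEs that leave the zone, marking targets that do not resolve."""
    findings = []
    for alias, target in parse_cnames(text):
        if in_zone(target, zone):
            continue  # alias stays inside our own DNS, nothing delegated
        status = "ok" if resolves(target) else "dangling"
        findings.append((alias, target, status))
    return findings

if __name__ == "__main__":
    # Offline stand-in for DNS: only this cloud name is assumed to still exist.
    live = {"myapp.cloudprovider.com"}
    for row in audit(SAMPLE_RECORDS, "contoso.com", resolves=live.__contains__):
        print(*row)
```

Calling `audit()` without the `resolves` argument uses the system resolver instead of the constructed `live` set.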