Report #25425

Report Date
November 5, 2023
Status
Closed
Payout

netlify-takeover

Report Info

Report ID

#25425

Report type

Websites and Applications

Has PoC?

Yes

Target

Impacts

Subdomain takeover other than app.bean.money

Description

Hello Team, I, Keyur Maheta, found a security issue in your system {HIGH}

severity: high

Title: netlify-takeover

Description:

The website https://analytics.bean.money/ is vulnerable to a "Netlify Takeover" vulnerability. Netlify is a cloud hosting service commonly used to deploy and manage websites. In a Netlify takeover vulnerability, an attacker can claim ownership of a Netlify subdomain, effectively taking control of the website hosted on that subdomain. This type of attack can lead to unauthorized access, defacement, or even the theft of sensitive user data. The vulnerability occurs due to misconfiguration or poor management of the Netlify subdomain.

reference:

Also inform me if you grant a bounty on this; I want to double-check with my wallet address. Best regards, Keyur

Proof of concept

Steps to reproduce: https://analytics.bean.money
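A defender-side check for the misconfiguration class described in this report, written here as an added example that is not part of the submission: it walks a DNS inventory, flags CNAMEs into Netlify whose host answers with Netlify's unclaimed-site page, and uses constructed records and canned responses so it runs offline. The Netlify hostname suffixes and the "Not Found - Request ID" fingerprint are assumptions to verify against current Netlify behaviour before relying on them.

```python
# Added example (not from the report): audit a DNS inventory for Netlify CNAMEs
# whose target site is unclaimed. Resolver output and HTTP fetches are injected
# so the check runs offline here and against real resolvers in production.
from dataclasses import dataclass
from typing import Callable, Optional

# Assumption: Netlify sites are reached via CNAME to *.netlify.app (older
# deployments: *.netlify.com) and an unclaimed site answers 404 with Netlify's
# "Not Found - Request ID" page. Adjust both if Netlify changes them.
NETLIFY_SUFFIXES = (".netlify.app", ".netlify.com")
UNCLAIMED_MARKER = "Not Found - Request ID"
Fetch = Callable[[str], tuple[int, str]]  # host -> (status code, body)

@dataclass
class Finding:
    host: str
    cname: str
    status: str  # "dangling", "claimed" or "not-netlify"

def classify(host: str, cname: Optional[str], fetch: Fetch) -> Finding:
    if cname is None or not cname.rstrip(".").endswith(NETLIFY_SUFFIXES):
        return Finding(host, cname or "", "not-netlify")
    code, body = fetch(host)
    # A claimed site serves its content; a released one serves Netlify's 404.
    if code == 404 and UNCLAIMED_MARKER in body:
        return Finding(host, cname, "dangling")
    return Finding(host, cname, "claimed")

def audit(records: dict[str, Optional[str]], fetch: Fetch) -> list[Finding]:
    # Classify every host; dangling records sort first so they are seen first.
    findings = [classify(h, c, fetch) for h, c in sorted(records.items())]
    return sorted(findings, key=lambda f: f.status != "dangling")

# Constructed sample inventory and canned HTTP responses (no network used).
SAMPLE_RECORDS = {
    "analytics.example.test": "old-dashboard.netlify.app.",
    "docs.example.test": "docs-site.netlify.app.",
    "api.example.test": None,
}
SAMPLE_RESPONSES = {
    "analytics.example.test": (404, "<h1>Not Found - Request ID: abc123</h1>"),
    "docs.example.test": (200, "<html>Docs</html>"),
}

def sample_fetch(host: str) -> tuple[int, str]:
    return SAMPLE_RESPONSES.get(host, (0, ""))

if __name__ == "__main__":
    for f in audit(SAMPLE_RECORDS, sample_fetch):
        print(f"{f.status:11} {f.host} -> {f.cname or '(no CNAME)'}")
```

In production, replace `sample_fetch` with a real HTTPS fetch and feed `audit` the CNAME records exported from your DNS provider; remove or re-point any record it reports as dangling.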

Immunefi Response

Immunefi has reviewed this vulnerability report and decided to close it, since it is out of scope for the Beanstalk bug bounty program.
  • claimed impact by the whitehat is in scope for the bug bounty program
  • claimed asset by the whitehat is in scope for the bug bounty program
  • PoC has not been submitted to the project
  • claimed severity is in scope for the bug bounty program

Since this bug bounty program does not require Immunefi's triaging, note that Immunefi does not:

  • check if whitehat's claims are factually correct
  • check PoC to understand the validity
  • assess the submission's severity

These activities are the project's responsibility.

The project will now be automatically subscribed and receive a report of the closed submission and can evaluate if they are interested in re-opening it. However, note that they are not under any obligation to do so.