phoenix.node.bean.money was pointing to an unclaimed Google Cloud IP, making it vulnerable to subdomain takeover. I've managed to claim it in my GCP account and added a simple HTML file as PoC: http://phoenix.node.bean.money/ZDB4aW5nLWdjcC10YWtlb3Zlcgo.html
Subdomain takeovers can be used for:
- Account takeovers (cookies set to .bean.money will be shared with this subdomain and can be obtained)
- Stored XSS (arbitrary JavaScript code can be executed in a user's browser, see PoC)
- Denial of Service via cookie bomb, which makes the root domain unavailable (see PoC)
The BIC has determined that this report is valid. The BIC determined that the impact of this issue is low given that the phoenix.node.bean.money subdomain is not in use and is easily mitigated. For these reasons, the BIC has determined that this bug report be rewarded 1,000 Beans.
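
To illustrate the cookie-sharing point in the report, the following added example (not part of the original report or the project's code) applies the RFC 6265 domain-match rule to decide which cookies a browser would send to phoenix.node.bean.money. The cookie names, the sample headers, and the assumption that bean.money is the host setting them are constructed for illustration.

```python
def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {attribute: value})."""
    pair, *rest = [part.strip() for part in header.split(";")]
    name = pair.partition("=")[0]
    attrs = {}
    for item in rest:
        key, _, val = item.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def domain_match(host, domain):
    """RFC 6265 section 5.1.3 domain-match for host names (not IP addresses)."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def sent_to(header, setting_host, target_host):
    """Host scope only: is a cookie set by setting_host also sent to target_host?"""
    name, attrs = parse_set_cookie(header)
    domain = attrs.get("domain", "")
    if domain.startswith("."):
        domain = domain[1:]      # a leading dot is ignored (section 5.2.3)
    if name.startswith("__Host-") and (
            domain or "secure" not in attrs or attrs.get("path") != "/"):
        return False             # browsers refuse a malformed __Host- cookie
    if not domain:
        return target_host.lower() == setting_host.lower()  # host-only cookie
    if not domain_match(setting_host, domain):
        return False             # a host cannot set cookies for an unrelated domain
    return domain_match(target_host, domain)

def exposed_cookies(headers, setting_host, target_host):
    """Names of the cookies that would also be sent to target_host."""
    return [parse_set_cookie(h)[0] for h in headers
            if sent_to(h, setting_host, target_host)]

# Constructed sample headers (hypothetical names), as if set by bean.money.
SAMPLE_HEADERS = [
    "session=s1; Domain=.bean.money; Path=/; Secure; HttpOnly",
    "prefs=dark; Domain=bean.money; Path=/",
    "csrf=t1; Path=/; Secure",                   # no Domain: host-only
    "__Host-auth=a1; Path=/; Secure; HttpOnly",  # prefix forces host-only
]

if __name__ == "__main__":
    target = "phoenix.node.bean.money"
    for name in exposed_cookies(SAMPLE_HEADERS, "bean.money", target):
        print("shared with", target + ":", name)
```

HttpOnly and Secure restrict script access and transport, not which hosts receive a cookie; only omitting the Domain attribute (or using the `__Host-` prefix) keeps a cookie away from subdomains.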