Questions tagged [sub-domain]

The Domain Name System (DNS) tree structure, or DNS hierarchy, has a root domain at the top, and all the child nodes in the tree are called sub-domains.

Basically, a sub-domain is a domain that is part of a larger domain, e.g. a.mysite.com and b.mysite.com are sub-domains of mysite.com, which is a sub-domain of the top-level domain .com.

67 questions
4 votes, 1 answer

Subdomain takeover due to improper records

INTRO On HackerOne I see a few people writing reports on subdomain takeover due to improper records (CNAME I believe). I want to learn this 'skill' too. QUESTION I found a Snapchat (sc-cdn.net) domain which is pointing to Fastly, let's say it is…
CAP STEEZ
4 votes, 1 answer

What can I do with crossdomain.xml access to a website

I've been learning more about subdomain takeovers and trying to find other risks of them. I have a fairly simple question: what can you do with access to a website via a crossdomain.xml file? (ex. you take over a.example2.com and…
Jack
4 votes, 2 answers

Is there a difference in security between an IP address white list and a domain white list with TLS?

It seems to me that an IP address white list relies on easily spoofed information, while a domain white list, if it forces TLS, at least, relies on the validity of the certificate systems. I may be framing this question incorrectly, or comparing…
Nathan Basanese
4 votes, 1 answer

Is Exposing Real IP Through Subdomain A Security Implication?

It seems pretty common for websites to expose their real IP address through subdomains. Many DoS mitigation providers hide your real IP address for the core domain, but leave a subdomain exposed for access through this delivery network. For some,…
Ryan Foley
3 votes, 1 answer

Wildcard certificate generated for local CA do not work for the subdomains

I have created a Makefile to simplify generation of certificates for local development: DOMAIN ?= localhost NAME ?= ${DOMAIN} CAKEY ?= CAkey.key CACERT ?= CAcert.pem SIGN_REQ ?= ${NAME}.csr CERT ?= ${NAME}.crt PEM ?= ${NAME}.pem KEY…
Hauleth
3 votes, 0 answers

Is it possible to exploit this cors?

I found an XSS on subdomain.example.com and I verified that the domain api.example.com accepts subdomain.example.com as a valid origin. Can I exploit this as CORS by inserting a CORS script in subdomain.example.com and sending the link to a victim?
3 votes, 3 answers

Single Domain SSL Certificate vs Wildcard Certificate

Probably a rather odd question, but something that came to mind. Wildcard certificates are about 10 times more expensive than a single certificate. However, with a single certificate, you can secure sub-domains like secure.example.com etc... My…
Alien595
2 votes, 1 answer

Is asking for credentials from a separate trusted domain an acceptable practice?

I know of at least two pages that I would have just assumed were a phishing scheme if I didn't know any better. Serverfault.com is a stack exchange site on a different domain, however if you click to sign in with stack exchange, it does not redirect…
Andrew Hoffman
2 votes, 2 answers

How could you find wildcard subdomains on websites?

Other than testing different URLs separately, is there any way to find out if a website has a wildcard subdomain?
Michael Blake
2 votes, 2 answers

SSL-certificates for overlapping domain regions?

Suppose, a server hosts https://www.master.com/ and thus is equipped with a (single domain) SSL certificate. Furthermore, suppose there are some web apps below master.com: http://wiki.master.com/ http://docs.master.com/ …
2 votes, 1 answer

Does subdomain DNS cache poisoning depend on the authoritative name server ignoring requests for non-existing domains?

I'm reading "Introduction to Computer Security", Pearson New International Edition, 1st edition, by Goodrich and Tamassia. On the subject of DNS cache poisoning, they mention that a "new" attack was discovered in 2008, so-called "subdomain DNS cache…
2 votes, 1 answer

How do partial wildcards in subjectAltName dNSName interact with IDNA domains?

For instance if I run IDNA encode bücher.tld you receive xn--bcher-kva.tld. Now imagine the certificate for https://bücher.tld has the following field within subjectAltName: (dNSName, xn--bcher*.tld). Would this mean that the certificate would match…
2 votes, 2 answers

Why one may want to get different certificates for different subdomains?

I know there are some tricks to play with wildcards to make a certificate valid for all the subdomains (such as here), but my question is what is the design reason that certificates can be issued for subdomains. Why someone may need to get…
Alex
2 votes, 1 answer

Are there significant security risks in trusting randomized subdomains to run JS?

This question is similar to Is it safe to whitelist CDN domains?, but is focused on the user's perspective. It seems common in American business websites to use a CDN that presents partially random subdomains to load JavaScript for core…
bright-star
1 vote, 2 answers

Securely passing critical data to other domain

My company owns a domain A.com, and a subsidiary is on B.com. B.com redirects their users to A.com for account registrations. Post successful registration, A.com logs in that user (the user doesn't get to know this), creates a token and needs to pass…
Novice User