Keycdn (kxcdn.com) is not vulnerable for subdomain takeover #112

mzet- · 2019-09-09T10:24:05Z

Service name

Content delivery, simplified (https://www.keycdn.com/).

Documentation

It seems that there is no way to claim dangling CNAME record to kxcdn.com entry. As record of kxcdn.com has following structure:

<user-provided-input>-<keycdn-user-ID>.kxcdn.com

attacker has only control of the first part of the entry (i.e. <user-provided-input>) second part is (<keycdn-user-ID>) is assigned by the KeyCdn during registration.

The text was updated successfully, but these errors were encountered:

codingo · 2019-09-09T10:50:17Z

Closed with #113

codingo · 2019-09-09T10:58:32Z

Also thank-you @mzet-, I was rushing and should have said that initially. This is very appreciated though!

Steiner-254 · 2022-09-03T15:35:31Z

haha..nice

codingo added the not vulnerable Someone has made it very clear that this service is not vulnerable to subdomain takeovers. label Sep 9, 2019

codingo mentioned this issue Sep 9, 2019

Add KeyCDN #113

Merged

codingo closed this as completed Sep 9, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Keycdn (kxcdn.com) is not vulnerable for subdomain takeover #112

Keycdn (kxcdn.com) is not vulnerable for subdomain takeover #112

mzet- commented Sep 9, 2019

codingo commented Sep 9, 2019

codingo commented Sep 9, 2019

Steiner-254 commented Sep 3, 2022

Keycdn (kxcdn.com) is not vulnerable for subdomain takeover #112

Keycdn (kxcdn.com) is not vulnerable for subdomain takeover #112

Comments

mzet- commented Sep 9, 2019

Service name

Documentation

codingo commented Sep 9, 2019

codingo commented Sep 9, 2019

Steiner-254 commented Sep 3, 2022