Twitter : Mopub.com Subdomain Takeover

Hello everyone out there! Today I'll show you how my friend and I took over a subdomain of http://mopub.com, a property of Twitter ☺

So how does a subdomain takeover work?

In simple words, it happens when a domain manager points a subdomain to an external service but forgets to claim it on that service, or the account on that service expires. In that case anyone can claim the subdomain on the external service and place content on it 😮.

My friend has good skills in dorking, so apart from a wordlist subdomain bruteforcer he started with his dorking and found a subdomain, http://web.mopub.com, which was pointing to DYN servers (a service with redirect and DNS-manager-like features).





And then I tried to claim it via a trial, but DYN was not accepting Indian credit cards. I tested in another DYN account, and it gave me an error saying the domain was already claimed; this was because I had added it to my cart. That clearly means that they had not claimed that subdomain (I was already pretty sure from the error on the subdomain, but I confirmed it). I then reported it as a theory-based report, but Twitter kept saying "Need more info"; after a clear theory explanation and the cart PoC they finally triaged it 😇.

But the main part starts here: I removed the subdomain from my DYN account and someone claimed it with a US card #_#





😤😤😤 Now I have a PoC also :-) I gave this to Twitter (bounty already rewarded).

They patched it by removing DYN entries.
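
A defender-side check for the condition described above, as an added example that is not part of the original post: it scans a zone export for CNAME/NS records that point at an external service and flags names with no matching claim in your own account at that service. The zone data, provider suffixes and claim lists are constructed, and the claim list is assumed to come from the provider's account export.

```python
# Constructed zone export (example.com and the provider names are placeholders).
ZONE = """\
web.example.com.   3600 IN CNAME redirect.provider-a.example.
blog.example.com.  3600 IN CNAME sites.provider-b.example.
old.example.com.   3600 IN CNAME web.example.com.
dev.example.com.   3600 IN NS    ns1.provider-a.example.
app.example.com.   3600 IN A     192.0.2.10
www.example.com.   3600 IN CNAME app.example.com.
"""

# Hypothetical suffixes of the third-party services this zone points at.
PROVIDERS = {"provider-a.example.": "provider-a", "provider-b.example.": "provider-b"}
# Names configured in our own accounts there (assumed: provider account export).
CLAIMED = {"provider-a": {"dev.example.com."}, "provider-b": {"blog.example.com."}}


def parse_zone(text):
    """Return {owner: [(rtype, target), ...]} for CNAME and NS records."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[3] in ("CNAME", "NS"):
            records.setdefault(fields[0].lower(), []).append((fields[3], fields[4].lower()))
    return records


def provider_for(target):
    """Map a record target to a provider name, or None if it is not external."""
    for suffix, name in PROVIDERS.items():
        if target == suffix or target.endswith("." + suffix):
            return name
    return None


def find_dangling(zone_text, claimed):
    """Flag names delegated to a provider where our account holds no claim."""
    records = parse_zone(zone_text)
    findings = []
    for owner in sorted(records):
        for rtype, target in records[owner]:
            provider = provider_for(target)
            if provider is None or owner in claimed.get(provider, set()):
                continue
            # In-zone aliases of a dangling name inherit the exposure.
            aliases = sorted(o for o, rrs in records.items() if ("CNAME", owner) in rrs)
            findings.append({"name": owner, "type": rtype, "target": target,
                             "provider": provider, "aliases": aliases})
    return findings


if __name__ == "__main__":
    for f in find_dangling(ZONE, CLAIMED):
        print("DANGLING", f["name"], f["type"], "->", f["target"], "aliases:", f["aliases"])
```

A finding is cleared either by claiming the name at the provider or by deleting the record, which is how the issue in this post was fixed.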

My tip to all newbies: it won't always be XSS and predefined bugs that you get. You should keep an eye on what is going on around your target.

Thanks to that guy who claimed it 😂😆

"My Friend" = Rudra Pratap Singh

Bug Timeline

28 Feb 2016 -- Bug found and Reported
29 Feb 2016 -- Need more information
29 Feb 2016 -- More info sent by friend
01 Mar 2016 -- Need more information
01 Mar 2016 -- More information sent by me
02 Mar 2016 -- Triaged
05 Mar 2016 -- 280$ Bounty rewarded
10 Mar 2016 -- Issue Resolved



16 comments:

  1. What's the dork used for searching the subdomain and knowing web.mobup.com belongs to Twitter?
