The security flaw was discovered in Flywheel, a platform that offers WordPress hosting and related services
A subdomain takeover vulnerability in a popular WordPress hosting platform Flywheel, could allow an attacker to deploy malicious code to a victim by impersonating a legitimate website, this flaw flagged with severity high
Taking Over the Domain
An attacker gains control over a subdomain of a target domain, usually when the subdomain has a CNAME in the DNS, but no host is providing content for it. An attacker can take over that subdomain by providing their own virtual host and then hosting their own content for it. The visitor will have no clue if something bad happened because still he can access the legitimate domain.
Using a subdomain takeover, attackers can send phishing emails from the legitimate domain, perform cross-site scripting (XSS) attacks, or even damage the reputation of the brand associated with the domain.
Exploiting the Flaw
Researchers found a page that was hosted by Flywheel but wasn’t set up correctly. They subscribed and created a site and linked to the vulnerable subdomain, thus taking it over.
To protect against this attack, end users should audit available DNS records and make sure they are aware of how exactly they are used and what type of services or applications are managed on them. Make sure to remove the stale CNAME record in the DNS zone file. Ensure your external services are configured to listen to your wildcard DNS.