
The security flaw was discovered in Flywheel, a platform that offers WordPress hosting and related services.
A subdomain takeover vulnerability in Flywheel, a popular WordPress hosting platform, could allow an attacker to serve malicious code to victims by impersonating a legitimate website. The flaw was rated high severity.
Taking Over the Domain
An attacker gains control over a subdomain of a target domain, usually when the subdomain has a CNAME record in DNS but no host is providing content for it. The attacker takes over that subdomain by providing their own virtual host for the dangling name and hosting their own content on it. Visitors have no way to tell that something is wrong, because they are still reaching the legitimate domain name.
Using a subdomain takeover, attackers can send phishing emails from the legitimate domain, perform cross-site scripting (XSS) attacks, or even damage the reputation of the brand associated with the domain.
Exploiting the Flaw
Researchers found a page that was hosted by Flywheel but wasn’t set up correctly. They subscribed and created a site and linked to the vulnerable subdomain, thus taking it over.
An attacker can use this misconfiguration to take over the subdomain, publish arbitrary content, run malicious JavaScript in users' browsers, harvest credentials through phishing, deface the site, and, if cookies are scoped to the parent domain, steal users' cookies and escalate to account takeover.
Mitigation
To protect against this attack, end users should audit their available DNS records and make sure they know exactly how each one is used and which services or applications sit behind it. Remove any stale CNAME record from the DNS zone file. Ensure your external services are configured to listen to your wildcard DNS.
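The audit described above, as an added example that is not part of the original article or of Flywheel's own tooling: it walks a zone export and flags every CNAME whose target no longer resolves, which is the dangling-record precondition for this takeover. The zone, the resolver answers and the `hosting-provider.example` hostnames are constructed placeholders, not real provider names.

```python
import socket
from typing import Callable, Dict, List, Optional

# Constructed zone export standing in for what you would pull from your DNS
# provider. Keys are your records, values are their CNAME targets (None = no CNAME).
# "hosting-provider.example" is a placeholder, not a real provider hostname.
SAMPLE_ZONE: Dict[str, Optional[str]] = {
    "www.example.com": "live-site.hosting-provider.example",
    "blog.example.com": "deleted-site.hosting-provider.example",
    "shop.example.com": None,
}

# Constructed resolver answers for the sample zone: the deleted site's target
# no longer exists at the provider, so it has no address (NXDOMAIN).
SAMPLE_ANSWERS: Dict[str, Optional[str]] = {
    "live-site.hosting-provider.example": "203.0.113.10",
    "deleted-site.hosting-provider.example": None,
}


def live_resolver(name: str) -> Optional[str]:
    """Real resolver for production use: returns an address, or None on NXDOMAIN."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def find_dangling_cnames(zone: Dict[str, Optional[str]],
                         resolve: Callable[[str], Optional[str]]) -> List[Dict[str, str]]:
    """Return every record whose CNAME target no longer resolves.

    A CNAME pointing at a host nobody answers for is what lets a third party
    claim the name at the provider and receive traffic for your subdomain.
    """
    findings = []
    for record, target in zone.items():
        if target is None:  # plain A/AAAA records are not affected by this flaw
            continue
        if resolve(target) is None:
            findings.append({"record": record, "target": target,
                             "action": "delete the CNAME or re-claim the target"})
    return findings


if __name__ == "__main__":
    # Swap SAMPLE_ANSWERS.get for live_resolver to run against real DNS.
    for f in find_dangling_cnames(SAMPLE_ZONE, SAMPLE_ANSWERS.get):
        print(f"DANGLING {f['record']} -> {f['target']}: {f['action']}")
```

A target that still resolves is not automatically safe: providers that answer on a wildcard will return an address for a deleted site, so follow up on every external CNAME with an HTTP request and check for the provider's "site not found" page.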