⚠️ Subdomain Takeover - Security Research PoC
Proof of Concept for Responsible Disclosure
This page demonstrates a subdomain takeover vulnerability. No data is exfiltrated.
Vulnerability Details
- Affected Domain: esp-api-portal.dev-consular.mfaservices.nl
- CNAME Target: mfa-con-d-esp-agw-apim-pubip.westeurope.cloudapp.azure.com
- Issue: Dangling DNS record pointing to unclaimed Azure resource
🍪 Cookie Access Demonstration
This subdomain can read cookies scoped to .mfaservices.nl
⚠️ If cookies appear, it proves session hijacking is possible via this takeover.
Impact Assessment:
- Session cookie theft from authenticated users
- Phishing attacks using legitimate subdomain
- Bypass of same-origin policy for cookie access
- Valid SSL certificate obtained (proves full control)
Remediation
- Remove the dangling CNAME record from DNS
- Or reclaim the Azure public IP resource
- Audit all DNS records for similar issues
- Review cookie scope settings (avoid Domain=.mfaservices.nl)
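The DNS audit step above can be scripted against an export of your own zone. The sketch below is an added example, not part of the original PoC page: the function names, the example.com records and the stand-in resolver are all constructed for illustration, and only the .cloudapp.azure.com suffix is taken from the page.

```python
import socket

# Cloud hostname suffixes whose names can be released and later re-registered.
# Only the Azure cloudapp suffix appears on this page; extend for your estate.
CLAIMABLE_SUFFIXES = (".cloudapp.azure.com",)

# Constructed sample zone export (example.com names, not from the page).
SAMPLE_ZONE = [
    ("www.example.com.", "A", "203.0.113.10"),
    ("api.dev.example.com.", "CNAME", "old-gw-pubip.westeurope.cloudapp.azure.com."),
    ("portal.example.com.", "CNAME", "live-gw.westeurope.cloudapp.azure.com."),
    ("docs.example.com.", "CNAME", "docs.example.net."),
]
# Constructed stand-in for live DNS so the demo runs offline.
SAMPLE_LIVE = {"live-gw.westeurope.cloudapp.azure.com"}


def resolves(hostname):
    """Default resolver: True if the name currently has an address record."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False


def audit_cnames(records, resolver=resolves):
    """Flag CNAMEs in your own zone that point at claimable cloud hostnames.

    'dangling': target has no address, so the record should be removed.
    'review':   target resolves, which does not prove you own the resource;
                confirm it against your cloud inventory.
    """
    findings = []
    for name, rtype, target in records:
        if rtype.upper() != "CNAME":
            continue
        target = target.rstrip(".").lower()
        if not target.endswith(CLAIMABLE_SUFFIXES):
            continue
        status = "review" if resolver(target) else "dangling"
        findings.append({"name": name.rstrip("."), "target": target, "status": status})
    return findings


if __name__ == "__main__":
    for f in audit_cnames(SAMPLE_ZONE, resolver=lambda h: h in SAMPLE_LIVE):
        print(f"{f['status']:9} {f['name']} -> {f['target']}")
```

Calling audit_cnames(records) without a resolver argument uses live DNS; a "review" result still needs checking against the subscription's resource inventory, since a name that resolves may be held by someone else.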
Responsible Disclosure
This vulnerability is being reported through proper channels to the domain owner.
Researcher: Smaran Chand (@smaranchand)
Timestamp: