one thing i find really funny in infosec is domain takeovers[1]. the funny thing is, in a lot of cases you, the hacker who finds the vulnerability, gain control over the domain, and other people cannot steal it anymore. so by finding the bug you are automatically fixing the bug.
i found a H1 profile today, and their staging[2] domain had an issue where i could take control over the domain they used. i did not have the issue on the PoC page i use, so by discovering it, i already fixed it. which is really ironic, because that kinda makes the vulnerability report unnecessary lmao
-
[1] for context, a domain takeover is exactly what it says on the tin: you take over someone's domain through a bug.
-
[2] "A staging environment (stage) is a nearly exact replica of a production environment for software testing."