
# 20/09/2024 - FE - Render subdomain takeover (Front End)

### What

See the original report below.

### Impact

DDoS

### Details

**Issue found by:** Ajay Sec\
**Issue fix:**\
**Patch in:**\
**Proposal URL:**\
**Bounty payment URL:** [https://dao.adrena.xyz/dao/AdrenaDAO/proposal/3SDUoBx1GS5Ej4oFGKisCxeErhYYhuzmfU2y57vn3Vdz](https://dao.adrena.xyz/dao/AdrenaDAO/proposal/3SDUoBx1GS5Ej4oFGKisCxeErhYYhuzmfU2y57vn3Vdz)

### Original report:

> **critical render Subdomain takeover**
>
> I have found a subdomain takeover bug in an adrena subdomain. It is pointing to Render, which can be used by an attacker to take over the subdomain. It means one of your pages was built on Render and now there is nothing in it, but it still uses your subdomain, which can be taken over by any attacker in your name and misused.
>
> One should never keep these websites empty which are built on third-party sites if they are not in use, as they can be easily taken over with a [render.com](http://render.com/) premium account.
>
> Similar vulnerabilities reported by me in the past have been fixed and rewarded this way:
>
> [primitive.finance](https://primitive.finance/)\
> [alpha.daylight.xyz](http://alpha.daylight.xyz/)
>
> Also, for reference, Immunefi bug bounty programs consider the subdomain takeover impact as high severity.
>
> Vulnerable URL:\
> Go to [https://datapi.adrena.xyz](https://datapi.adrena.xyz/)
>
> You will see there is nothing on the subdomain and the service has been suspended, which is the fingerprint of onrender when nothing is hosted on it.\
> You can get the CNAME with `$ dig datapi.adrena.xyz`:
>
> ```
> datapi.adrena.xyz. 1799 IN CNAME transactions-api-7rbo.onrender.com.
> ```
>
> I was able to confirm the Render subdomain takeover using the fingerprint but didn't take it over, for the sole reason that it needs a premium account to add a custom domain.
>
> Impact:\
> An attacker can take over the subdomain and misuse it by creating a fake adrena page and much more, which will harm the company's name and can trick users into going to his page.\
> An attacker can host his own adrena page with airdrops and send it to users.
>
> fake website\
> malicious code injection\
> users tricking\
> company impersonation
>
> This issue can have a really huge impact on the company's reputation: someone could post malicious content on the compromised site and your users will think it's official, but it's not.
>
> Remediation:\
> Remove the website if it's not in use.
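As an added defender-side check (this is example code, not part of the report and not Adrena's own tooling), the script below audits a DNS zone for the condition the report describes: a CNAME that points at a third-party host (Render is the provider named above) where the target either no longer resolves or answers with the provider's "nothing hosted here" placeholder. It assumes the zone is supplied as `(name, type, target)` tuples, injects the resolver and HTTP fetch as callables so it runs offline on constructed sample data, and takes the Render "service has been suspended" phrase from the report's own wording rather than from the provider's exact response text.

```python
"""Audit a DNS zone for CNAMEs that dangle at a third-party host.

Added example (not Adrena's tooling and not from the report). Assumptions:
the zone is a list of (owner, type, target) tuples; DNS resolution and HTTP
fetching are injected as callables so the check runs offline on constructed
data; the Render "suspended" phrase mirrors the report's wording and may
differ from the exact text the provider serves.
"""
import socket
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

Record = Tuple[str, str, str]  # (owner name, record type, target)

# Hosting suffixes whose unclaimed names can be registered by another tenant.
# Render is the provider named in the report; extend for your own providers.
HOSTED_SUFFIXES: Sequence[str] = ("onrender.com",)

# Per-provider phrases (lower-case) that indicate nothing is served behind the
# target any more. Assumption: the Render phrase is the report's wording.
SUSPENDED_FINGERPRINTS: Dict[str, Sequence[str]] = {
    "onrender.com": ("service has been suspended",),
}


@dataclass(frozen=True)
class Finding:
    owner: str   # the subdomain in our zone
    target: str  # the CNAME target at the provider
    reason: str  # why it was flagged


def provider_for(target: str) -> Optional[str]:
    """Return the hosting suffix that `target` belongs to, if any."""
    for suffix in HOSTED_SUFFIXES:
        if target == suffix or target.endswith("." + suffix):
            return suffix
    return None


def audit_zone(records, resolve, fetch_body) -> List[Finding]:
    """Flag CNAMEs whose third-party target is gone or serves a placeholder.

    resolve(host) -> list of addresses, or None when the name does not exist.
    fetch_body(owner) -> response body for https://owner/, or None on error.
    """
    findings: List[Finding] = []
    for owner, rtype, target in records:
        if rtype.upper() != "CNAME":
            continue
        target = target.rstrip(".")
        provider = provider_for(target)
        if provider is None:
            continue  # first-party target: not claimable by a stranger
        if resolve(target) is None:
            # Fully dangling: the provider-side name no longer exists at all.
            findings.append(Finding(owner, target, "CNAME target does not resolve"))
            continue
        body = (fetch_body(owner) or "").lower()
        for phrase in SUSPENDED_FINGERPRINTS.get(provider, ()):
            if phrase in body:
                findings.append(Finding(owner, target, f"provider page says '{phrase}'"))
                break
    return findings


# ---- live adapters (not used by the offline sample below) -----------------

def live_resolve(host: str) -> Optional[List[str]]:
    try:
        return [socket.gethostbyname(host)]
    except socket.gaierror:
        return None


def live_fetch_body(owner: str) -> Optional[str]:
    try:
        with urllib.request.urlopen(f"https://{owner}/", timeout=10) as resp:
            return resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # Provider placeholders often come with a 4xx status; keep the body.
        return err.read(65536).decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return None


# ---- constructed sample data ----------------------------------------------

# The first record is the one quoted in the report; the others are made up
# (example.test is reserved for documentation) to exercise each branch.
SAMPLE_ZONE: List[Record] = [
    ("datapi.adrena.xyz", "CNAME", "transactions-api-7rbo.onrender.com."),
    ("app.example.test", "CNAME", "app-live-1234.onrender.com."),  # still served
    ("old.example.test", "CNAME", "gone-9999.onrender.com."),      # name deleted
    ("www.example.test", "CNAME", "example.test."),                # first-party
]

# Constructed resolver and HTTP answers (TEST-NET-3 addresses, placeholder bodies).
SAMPLE_ADDRESSES: Dict[str, List[str]] = {
    "transactions-api-7rbo.onrender.com": ["203.0.113.10"],
    "app-live-1234.onrender.com": ["203.0.113.11"],
    "example.test": ["203.0.113.12"],
}
SAMPLE_BODIES: Dict[str, str] = {
    "datapi.adrena.xyz": "<h1>This service has been suspended.</h1>",
    "app.example.test": "<h1>Welcome</h1>",
}


def run_sample() -> List[Finding]:
    return audit_zone(SAMPLE_ZONE, SAMPLE_ADDRESSES.get, SAMPLE_BODIES.get)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.owner} -> {f.target}: {f.reason}")
```

Run against the constructed zone it reports two findings: the quoted `datapi.adrena.xyz` record (target resolves but the page carries the suspended-service phrase) and the made-up `old.example.test` record (target name gone entirely). To run it on a real zone, export the zone file to the tuple form and pass `live_resolve` and `live_fetch_body` instead of the dictionary lookups; the remediation in either case is the one the report gives, removing the DNS record when the hosted service is no longer in use.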

