Subdomain Takeover of https://test.diagrams.net/ in jgraph/www.diagrams.net-source

Valid

Reported on May 22nd 2022


First of all, I apologize for reporting it here, because I noticed that they have a program with huntr but only for the DrawIO source code. Since I discovered this vulnerability, I decided to ethically disclose it here instead of leaving it vulnerable.

I found a subdomain of diagrams.net that was previously connected to https://github.com/jgraph/www.diagrams.net-source/blob/da6a642d42db817dcd368a46d4b26d2adcfab29f/assets/CNAME, but it was changed to www.diagrams.net.

To take over the vulnerable subdomain, I just created a GitHub repo and claimed test.diagrams.net.

Impact

The vulnerable subdomain is test.diagrams.net; a malicious actor could use it to host malicious resources such as a fake diagrams.net or phishing pages.
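Added example, not code from the report or from the jgraph project: a domain owner's audit that flags hostnames whose CNAME points at GitHub Pages but which the Pages site no longer claims (the situation described above), and shows the same check once the DNS record is removed as the maintainer did here. The sample zone, the example-org.github.io target and fake_body are constructed placeholders; the real record value is not on the page.

```python
# Added example (not the project's code): audit a zone for dangling GitHub Pages CNAMEs.

GITHUB_PAGES_SUFFIX = ".github.io"
# Text GitHub serves on a *.github.io host for a hostname no repository claims.
UNCLAIMED_MARKER = "There isn't a GitHub Pages site here"


def classify(hostname, zone, pages_cname_file=None, body_for=None):
    """Return 'no-record', 'not-github-pages', 'claimed' or 'dangling'.

    zone: mapping hostname -> CNAME target.
    pages_cname_file: text of the repo's CNAME file, when you control the repo.
    body_for: callable hostname -> HTTP body, for when the repo is unknown and
    only the served 404 page reveals that the name is unclaimed.
    """
    target = zone.get(hostname)
    if target is None:
        return "no-record"  # the fix applied in this report: DNS entry removed
    if not target.lower().rstrip(".").endswith(GITHUB_PAGES_SUFFIX):
        return "not-github-pages"
    if pages_cname_file is not None:
        claimed = {line.strip().lower()
                   for line in pages_cname_file.splitlines() if line.strip()}
        return "claimed" if hostname.lower() in claimed else "dangling"
    if body_for is not None and UNCLAIMED_MARKER in body_for(hostname):
        return "dangling"
    return "claimed"


def audit(zone, pages_cname_file=None, body_for=None):
    """Classify every hostname in the zone; 'dangling' ones need attention."""
    return {h: classify(h, zone, pages_cname_file, body_for) for h in zone}


# Constructed sample zone before the fix. The github.io target is a placeholder;
# the real record value does not appear in the report.
ZONE_BEFORE = {
    "www.diagrams.net": "example-org.github.io.",
    "test.diagrams.net": "example-org.github.io.",
    "mail.diagrams.net": "mail.example-provider.invalid.",
}
# The repository's CNAME file after it was changed to list www.diagrams.net only.
CNAME_FILE = "www.diagrams.net\n"
# After the fix: the test.diagrams.net record is gone.
ZONE_AFTER = {h: t for h, t in ZONE_BEFORE.items() if h != "test.diagrams.net"}


def fake_body(hostname):
    """Constructed stand-in for fetching the host over HTTP (no network)."""
    unclaimed = hostname == "test.diagrams.net"
    return "<p>%s.</p>" % UNCLAIMED_MARKER if unclaimed else "<html>site</html>"
```

Running `audit(ZONE_BEFORE, CNAME_FILE)` reports test.diagrams.net as dangling while www.diagrams.net is claimed; with `ZONE_AFTER` the name simply has no record, which is the state the fix left it in.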

We are processing your report and will contact the jgraph/www.diagrams.net-source team within 24 hours. a month ago
David Benson modified the Severity from High (7.5) to Medium (5.3) a month ago
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
David Benson validated this vulnerability a month ago
Aj Dumanhug has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
David Benson confirmed that a fix has been merged on 166baf a month ago
The fix bounty has been dropped
David Benson
a month ago

Maintainer


Thanks for the report, DNS entry removed.

Aj Dumanhug
a month ago

Researcher


You're welcome!
