Subdomain Takeover of https://test.diagrams.net/ in jgraph/www.diagrams.net-source

Valid

Reported on

May 22nd 2022


First of all, I apologize for reporting it here, because I noticed that they have a program with huntr but only for the DrawIO source code. Since I discovered this vulnerability, I decided to ethically disclose it here instead of leaving it vulnerable.

I found a subdomain of diagrams.net that was previously connected to https://github.com/jgraph/www.diagrams.net-source/blob/da6a642d42db817dcd368a46d4b26d2adcfab29f/assets/CNAME, but it was changed to www.diagrams.net.

To take over the vulnerable subdomain, I just created a GitHub repo and claimed test.diagrams.net.

Impact

The vulnerable subdomain is test.diagrams.net; a malicious actor could use it to host malicious resources such as a fake diagrams.net or phishing pages.
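The pattern in this report is a dangling GitHub Pages CNAME: the subdomain's DNS record still points at *.github.io, but no repository's CNAME file claims that hostname any more, so anyone can add it to their own Pages repository. The following is an added example, not code from the report, from huntr, or from the jgraph project, of the check a defender would run to catch that state before someone claims it. It walks each host's CNAME chain, flags chains that end on *.github.io, and then confirms the dangling state by looking for the body GitHub Pages serves for an unclaimed custom domain; that second step is what separates a subdomain like www (pointing at Pages and still claimed) from one like test (pointing at the same Pages target but unclaimed). All hostnames, DNS records and HTTP responses below are constructed sample data, the resolver and HTTP client are injected so the script runs offline, and the fingerprint string is an assumption that should be verified against a live response.

```python
"""Offline detector for dangling GitHub Pages CNAMEs (added example; sample data is constructed)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

GITHUB_PAGES_SUFFIX = ".github.io"
# Body GitHub Pages serves (with a 404) for a custom domain no repository claims.
# Assumption of this example: confirm against a live response before relying on it.
GITHUB_PAGES_UNCLAIMED = "There isn't a GitHub Pages site here."

CnameResolver = Callable[[str], Optional[str]]   # name -> CNAME target or None
HttpGet = Callable[[str], Tuple[int, str]]        # host -> (status, body)


def _norm(name: str) -> str:
    """Canonical DNS name: lower-case, no trailing dot."""
    return name.strip().lower().rstrip(".")


@dataclass
class Finding:
    host: str
    chain: List[str]   # CNAME chain followed from the host, host first
    status: str        # "dangling" | "claimed" | "not-github" | "no-cname"


def follow_cnames(host: str, cname: CnameResolver, max_hops: int = 8) -> List[str]:
    """Follow CNAMEs from host until an A record/NXDOMAIN (None), a loop, or max_hops."""
    chain = [_norm(host)]
    seen = set(chain)
    while len(chain) <= max_hops:
        nxt = cname(chain[-1])
        if nxt is None:
            break
        nxt = _norm(nxt)
        if nxt in seen:        # CNAME loop: stop instead of spinning
            break
        chain.append(nxt)
        seen.add(nxt)
    return chain


def classify(host: str, cname: CnameResolver, http_get: HttpGet) -> Finding:
    """Decide whether host is a dangling GitHub Pages custom domain."""
    chain = follow_cnames(host, cname)
    if len(chain) == 1:
        return Finding(chain[0], chain, "no-cname")
    if not chain[-1].endswith(GITHUB_PAGES_SUFFIX):
        return Finding(chain[0], chain, "not-github")
    # The DNS record alone is not proof: the org's Pages site may still claim this host.
    status, body = http_get(chain[0])
    if status == 404 and GITHUB_PAGES_UNCLAIMED in body:
        return Finding(chain[0], chain, "dangling")
    return Finding(chain[0], chain, "claimed")


def find_dangling(hosts: List[str], cname: CnameResolver, http_get: HttpGet) -> List[str]:
    """Return the hosts that are claimable right now."""
    return [f.host for f in (classify(h, cname, http_get) for h in hosts) if f.status == "dangling"]


# Constructed sample data (hypothetical names, not live records).
SAMPLE_CNAMES: Dict[str, str] = {
    "test.example.net.": "example-org.github.io.",   # points at Pages, no longer listed in any CNAME file
    "www.example.net.": "example-org.github.io.",    # points at Pages and is still claimed
    "blog.example.net.": "cdn.example.net.",
    "cdn.example.net.": "d111111abcdef8.cloudfront.net.",
    "loop.example.net.": "loop2.example.net.",       # deliberate loop to exercise the guard
    "loop2.example.net.": "loop.example.net.",
}
SAMPLE_HTTP: Dict[str, Tuple[int, str]] = {
    "test.example.net": (404, "<html><body>... There isn't a GitHub Pages site here. ...</body></html>"),
    "www.example.net": (200, "<html><body>Welcome</body></html>"),
}


def make_cname_resolver(records: Dict[str, str]) -> CnameResolver:
    table = {_norm(k): _norm(v) for k, v in records.items()}
    return lambda name: table.get(_norm(name))


def make_http_client(responses: Dict[str, Tuple[int, str]]) -> HttpGet:
    return lambda host: responses.get(_norm(host), (0, ""))


CNAME = make_cname_resolver(SAMPLE_CNAMES)
HTTP = make_http_client(SAMPLE_HTTP)

if __name__ == "__main__":
    for h in SAMPLE_CNAMES:
        f = classify(h, CNAME, HTTP)
        print(f"{f.host:<20} {f.status:<11} {' -> '.join(f.chain)}")
```

Two notes for real use. The maintainer's fix here, removing the DNS entry, is the right end state: once the CNAME is gone the host classifies as no-cname rather than dangling, and the same check can be left running to catch the next stale record. GitHub also offers verified domains for Pages; once an organization verifies its apex domain, other accounts can no longer bind its subdomains, which closes this class at the source rather than relying on DNS hygiene alone.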

Activity

David Benson modified the severity from High (7.5) to Medium (5.3)
The researcher received a minor credibility penalty for miscalculating the severity: -1
David Benson validated this vulnerability
Aj Dumanhug was awarded the disclosure bounty
The fix bounty was made available
The researcher's credibility increased: +7
David Benson marked this as fixed in 1.0.0 with commit 166baf
The fix bounty was dropped
This vulnerability will not receive a CVE
David Benson (Maintainer)

Thanks for the report, DNS entry removed.

Aj Dumanhug (Researcher)

You're welcome!
