Subdomain Takeover of https://test.diagrams.net/ in jgraph/www.diagrams.net-source
May 22nd 2022
First of all, I apologize for reporting it here because I noticed that they have a program with huntr but only for DrawIO source code. Since I discovered this vulnerability I decided to ethically disclose it here instead of leaving it vulnerable.
I found a subdomain of diagrams.net that was previously connected to https://github.com/jgraph/www.diagrams.net-source/blob/da6a642d42db817dcd368a46d4b26d2adcfab29f/assets/CNAME but it was changed to
To takeover the vulnerable subdomain, I just created a github repo and claimed the test.diagrams.net.
The vulnerable subdomain is test.diagrams.net, malicious actor could use it to host malicious resources such as fake diagrams.net or phishing pages.