American news site’s subdomains left open for takeover

A team of specialists from a pentesting course found a vulnerability on the website of CBS Local, an American media company. In addition to the flaw, the site’s weak security configurations allowed the content of 3 subdomains belonging to the company to be exposed for any threat actor to take control over them.

According to the report, cybercriminals could easily take control of exposed subdomains for malicious use, such as the theft of login credentials or financial data. After receiving the report, the affected company decided to permanently remove the three compromised sites.

Subdomains are a prefix to a site address (URL) and are used by their primary sites for technical or SEO-related reasons. If a primary URL looks like www.parent.com, its subdomain can be found in www.subdomain.parent.com. Subdomains are configured for several different reasons, such as testing new features before adding them to their primary URL or separating them between different content types.

Unfortunately, these resources are often exposed to hijacking due to various reasons, such as DNS and misconfigurations of hosting, or using unsupported mechanisms, pentesting course specialists mentioned.

Specialists discovered 3 vulnerable subdomains hosting CBS Local content: ESP Guide, Contest, and Privacy Offers. According to the experts, contest.cbslocal.com was used as a placeholder to display information about contests held on the main site; it may have been part of the company’s marketing strategy. On the other hand, espguide.cbslocal.com served as a CBS newsletter called “Eat.Sleep.Play.” Finally, it seems privacy.offers.cbslocal.com used to display CBS Local privacy policies. This latest subdomain presents the best opportunities for scams, as its name looks like a genuine privacy-related website.

Subdomains target URLs hosted in Amazon Web Services (AWS) buckets. Unfortunately, the content of the 3 subdomains was no longer registered with Amazon at some point while their content mapping remained active. Because of this, each site generated an error, indicating that they were vulnerable and any user could have claimed control over them.

Although the CBS Local website is visited by millions of users, these subdomains appear to have stopped working years ago, so it is highly unlikely that any user registered on the main site will reach any of the compromised sites. However, experts in the pentesting course do not rule out that a few users may be exposed to phishing attacks or redirect to malicious sites.

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.