Again? Subdomain takeover via

3 min readSep 6


Exploiting subdomain takeover Ideanote, Ideanote is a new way to work with ideas. It’s faster, more efficient, and lets you build a fully customizable idea management flow from start to finish.


I am Hasyim, Founder of (Vulnerability Management From Nuclei CLI)

Photo by Manja Vitolic on Unsplash

Why does subdomain takeover happen?

In general, when a developer wants to connect his subdomain/rootdomain, he has to play with CNAME. Each service has a different cname,….. Read More


I have prepared a target list to find which subdomain has the cname “” as for the command, I only use the httpx tool.

root@kresec:~# cat randomlist |httpx -silent -cname -sc -title -mc 200 [200] [9950] [Ideas] [] [200] [9330] [Ideanote] [] [200] [10296] [Redacted ****] []
root@kresec:~# dig | grep CNAME 0 IN CNAME
Image 2. if vuln

Vulnerable identification

With the httpx output above I did some identification to find out which ones are really vulnerable to takeover. after doing various experiments i concluded for the vulnerable :
— Title : Ideanote
— Body : The subdomain ideas doesn’t exist
— Status code : 200
— Connected to this cname :

How to Custom domain

Well, besides you can see directly how to custom domain from the official article, or you can follow my explanation below :

After you successfully create an account, it will be directed to a subdomain under the root domain of ideanote. Then to add a domain you can access the workspace menu, there is a section to enter the domain.

Image 3. Custom domain

In that menu you can also change the title, description, etc

Image 4. Setting workspace

Successful takeover

Finally, the subdomain should look like Image 5 below once it has been successfully taken over.

Image 5. Successful takeover


Thank you very much for those of you who want to clap, share, discuss this post.
You can also help subscribe to my YouTube channel & my community




Random post about web security & Ngoding