php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Sec Bug #74238 pt2.php.net subdomain takeover
Submitted: 2017-03-12 07:15 UTC Modified: 2017-10-16 03:05 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: is4curity at gmail dot com Assigned: rasmus (profile)
Status: Closed Package: Website problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: is4curity at gmail dot com
New email:
PHP Version: OS:

 

 [2017-03-12 07:15 UTC] is4curity at gmail dot com 
Description:
------------
hello

your subdomain pt2.php.net pointing to php.dominios.pt

https://mxtoolbox.com/SuperTool.aspx?action=cname%3apt2.php.net&run=toolpage
pt2.php.net. IN CNAME php.dominios.pt

and its expire or you can go to here

https://my.dominios.pt/orderdomain.php?action=checkAvailability&directForm=1&domains=php&tld%5b%5d=.dominios.pt

check about domain php.dominios.pt its Available

hacker can register it

the domain can claim by anyone

so u must delete cname
or register the domain again

see the photo 

https://image.ibb.co/b4oUtv/cname.png

https://image.ibb.co/n8AaYv/domain_checker.png


thanks


Expected result:
----------------
the hacker if he register the domain he will add contents he can hack the 
pt2.php.net vistor

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-03-14 11:03 UTC] krakjoe@php.net
-Assigned To: +Assigned To: rasmus
 [2017-03-14 11:03 UTC] krakjoe@php.net 
Rasmus would you mind having a look at this ?

Maybe re-assign to someone more appropriate.
 [2017-03-14 11:22 UTC] nikic@php.net 
I've explicitly disabled the mirror and mailed the maintainer.
 [2017-03-14 19:00 UTC] rasmus@php.net
-Status: Assigned +Status: Closed
 [2017-03-14 19:00 UTC] rasmus@php.net 
I deleted the mirror. It will take a little while to propagate out.
 [2017-09-18 21:38 UTC] is4curity at gmail dot com 
but the cname stil same before didnot deleted yet

see this screen

https://i.imgur.com/nB660Ul.png

and the cname subdomain is avisable to register see this screen from inside easydns any one can regester it just pay the money see photo

https://i.imgur.com/K5cGhVl.png

https://i.imgur.com/DNMvAFC.png

https://i.imgur.com/JRZ79iP.png

best regards
mahmoud elmanzalawy
 [2017-09-19 06:57 UTC] requinix@php.net 
It still resolves for me from 8.8.8.8/4.4, however querying the php.net nameservers directly gives an empty result. Was the DNS entry not entirely removed?
 [2017-09-19 11:39 UTC] Is4curity at gmail dot com 
Hello 
No sir . not entirely removed
See that url explain how remove all cname records 

https://ae.godaddy.com/help/change-a-
cname-record-19237

After you remove all inform me to confirm  it fixed
 [2017-09-19 11:51 UTC] is4curity at gmail dot com
-Status: Closed +Status: Assigned
 [2017-09-19 11:51 UTC] is4curity at gmail dot com 
Sorry this is the true url

https://ae.godaddy.com/help/change-a-cname-record-19237
 [2017-09-21 10:29 UTC] is4curity at gmail dot com 
Hello 
Now i confirm its fixed and the cname is removed
 [2017-09-21 10:48 UTC] requinix@php.net
-Status: Assigned +Status: Closed
 [2017-09-21 10:48 UTC] requinix@php.net 
Yup.
 [2017-09-21 20:39 UTC] is4curity at gmail dot com
-Type: Bug +Type: Security -Private report: No +Private report: Yes
 [2017-09-21 20:39 UTC] is4curity at gmail dot com 
thank you @requinix for quick reply
 [2017-09-21 20:52 UTC] is4curity at gmail dot com 
can i ask you kindly make the report is public not private
 [2017-10-16 03:05 UTC] stas@php.net
-Package: Other web server +Package: Website problem
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri May 09 05:01:27 2025 UTC