Dangling DNS: Announcekit
Another service vulnerable to subdomain takeover
This post is a write-up of a service I found to be vulnerable to subdomain takeover. Although this is a paid service, it's possible to create a PoC during the trial period without purchasing it.
Announcekit is a user communication platform that helps you announce product updates to increase feature adoption.
The CNAME record should be pointing to cname.announcekit.app
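An inventory check from the zone owner's side, as an added example that is not part of the original post: it lists every hostname whose CNAME chain ends at cname.announcekit.app and flags those not configured as a Custom Hostname in the owner's account. The zone lines, the example.test names and the claimed set are constructed, and treating a hostname as claimed only when it is itself configured is an assumption.

```python
ANNOUNCEKIT_TARGET = "cname.announcekit.app"  # CNAME target named on this page

# Constructed sample zone export (hypothetical names, not real records).
SAMPLE_ZONE = """\
; name                   ttl class type  value
updates.example.test.    300 IN CNAME cname.announcekit.app.
news.example.test.       300 IN CNAME Updates.Example.Test.
changelog.example.test.  300 IN CNAME CNAME.AnnounceKit.App.
www.example.test.        300 IN A     192.0.2.10
loop-a.example.test.     300 IN CNAME loop-b.example.test.
loop-b.example.test.     300 IN CNAME loop-a.example.test.
"""

# Constructed: hostnames still set as Custom Hostname in our own account.
CLAIMED = {"updates.example.test"}

def norm(name):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return name.strip().rstrip(".").lower()

def parse_cnames(zone_text):
    """Return {owner: target} for every CNAME line in a zone-style export."""
    cnames = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # strip ';' comments
        if len(fields) >= 5 and fields[3].upper() == "CNAME":
            cnames[norm(fields[0])] = norm(fields[4])
    return cnames

def resolves_to_target(name, cnames, target=ANNOUNCEKIT_TARGET):
    """Follow in-zone CNAME chains; the seen-set stops on loops."""
    seen = set()
    while name in cnames and name not in seen:
        seen.add(name)
        name = cnames[name]
    return name == norm(target)

def audit(zone_text, claimed):
    """Split hostnames bound to the service into claimed and dangling."""
    cnames = parse_cnames(zone_text)
    bound = sorted(n for n in cnames if resolves_to_target(n, cnames))
    claimed = {norm(c) for c in claimed}
    return {"claimed": [n for n in bound if n in claimed],
            "dangling": [n for n in bound if n not in claimed]}

if __name__ == "__main__":
    print(audit(SAMPLE_ZONE, CLAIMED))
```

Hostnames reported as dangling are the ones whose CNAME record should be removed or re-claimed in the account.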
I use the following template to check for possible candidates.
We should see a similar error page to verify whether the subdomain takeover may be possible.
To detect a vulnerable subdomain, we use the following fingerprint based on the HTTP response. With it, we confirm whether the subdomain is vulnerable or not.
Go to https://announcekit.app/dashboard/settings/feeds
Set Custom Hostname to the subdomain we want to take over: akit-tk.melbadry9.xyz
Visit https://kit-tk.melbadry9.xyz
I use the following template to check for the vulnerable subdomain.
Register an account on
I opened an issue on regarding this service: