Subdomain Takeover - pmp.oneweb.net
High
Vulnerability Details
## Summary
The issue happens due to using EC2 public DNS instead of using Elastic IPs as the `CNAME` or `A` record. If the EC2 instance is killed or terminated and the DNS is not updated, this will lead to creating a dangling DNS record for the subdomain. The EC2 IP will be released to the AWS IP pool. This means it's possible to assign the IP to a new EC2 instance.
## PoC
- Visit `http://pmp.oneweb.net/melbadry9.html`
- Web Archive "https://web.archive.org/web/20211102203640/http://pmp.oneweb.net/melbadry9.html"
{F1501722}
## Fix
- Clear DNS records for mentioned subdomain
## Supporting Material/References:
- https://blog.melbadry9.xyz/dangling-dns/aws/ddns-ec2-current-state
## Impact
- High severity subdomain takeover, as I have full control over the Elastic IP and EC2 instance
Report Stats
- Report ID: 1390093
- State: Closed
- Substate: resolved
- Upvotes: 9
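
The dangling-record condition described in the Summary can be checked from the defender's side by comparing a zone export against the account's current address inventory. The following is an added example, not part of the original report: the record names, the addresses (documentation ranges) and the two inventory lists are constructed, and the input is assumed to contain only records that are meant to point at the account's own EC2 instances.

```python
import ipaddress
import re

# EC2 public DNS names embed the public IPv4 address, e.g.
# ec2-203-0-113-25.compute-1.amazonaws.com or ec2-203-0-113-25.eu-west-1.compute.amazonaws.com
EC2_NAME = re.compile(
    r"^ec2-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\."
    r"(?:compute-1|[a-z0-9-]+\.compute)\.amazonaws\.com\.?$", re.IGNORECASE)

# Constructed sample data (documentation IP ranges, hypothetical record names).
SAMPLE_RECORDS = [
    ("app.example.com", "CNAME", "ec2-203-0-113-25.compute-1.amazonaws.com."),
    ("api.example.com", "A", "198.51.100.7"),
    ("www.example.com", "A", "198.51.100.9"),
    ("docs.example.com", "CNAME", "docs.example.net."),
    ("old.example.com", "CNAME", "ec2-203-0-113-40.eu-west-1.compute.amazonaws.com"),
]
OWNED_IPS = ["203.0.113.25", "198.51.100.9"]   # every public IP attached to the account now
ELASTIC_IPS = ["198.51.100.9"]                 # the subset that are allocated Elastic IPs

def target_ip(rtype, value):
    """Return the IPv4 address a record points at, or None if it is out of scope."""
    if rtype.upper() == "A":
        text = value
    elif rtype.upper() == "CNAME" and (m := EC2_NAME.match(value.strip())):
        text = ".".join(m.groups())
    else:
        return None
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def audit_records(records, owned_ips, elastic_ips):
    """Flag records whose target IP is no longer owned or is not an Elastic IP."""
    owned = {ipaddress.ip_address(i) for i in owned_ips}
    elastic = {ipaddress.ip_address(i) for i in elastic_ips}
    findings = []
    for name, rtype, value in records:
        ip = target_ip(rtype, value)
        if ip is None:
            continue
        if ip not in owned:
            findings.append((name, "dangling"))    # address already released to the pool
        elif ip not in elastic:
            findings.append((name, "ephemeral"))   # will dangle once the instance stops
    return findings
```

Records reported as `dangling` should be removed or repointed immediately; `ephemeral` ones should be moved to an Elastic IP before the instance is stopped or terminated.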