Search Hashnode

Search posts, tags, users, and pages

Discussion on "Account Takeover due to DNS Rebinding" | Hashnode

Feed

Discussion

Voorivex

@yshahinzadeh

Sep 17, 2024

Account Takeover due to DNS Rebinding

Hello guys, after a long time, I decided to write a blog post. I chose a vulnerability that I recently uncovered in Hashnode. As you may have already noticed, I set up this blog on Hashnode. Naturally, when I use a third-party service like this, I sp...

blog.voorivex.team5 min read

#dns-rebinding #bugbounty #account-takeover

Responses(3)

rootface

Dec 29, 2025

cool

nice writeup , thanks for sharing

I have a question : so if the next_check() checks (verify) the cname record every time (when function called) and if it matches "hashnode.network" it will prevent this attack ?

and the cause of this vulnerability is because hashnode only verifies the cname record once , only when it is adding to the db, , am I correct?🤔

Most discussed

G
When RAM Matters: Memory Efficiency of AWK Variants
33P D F13h ago
M
What is a Developer When We Use Coding Agents? My 1-Day BMAD Experiment
61D12h ago
M
The AI Skills Gap: Why Companies Still Can’t Find AI Engineers
1K1d ago
2
The Rise of Agentic AI and Smarter Search Algorithms
1M19h ago
T
Exploring Modern AI: Agentic Systems and Smarter Search Algorithms
1K15h ago

VCODER

Full Stack Web Dev & Bug hunter

Sep 17, 2024

Voorivex

@yshahinzadeh

Sep 17, 2024

First question: yes, but the checker function should not rely on the DNS cache. If it does, the attack will still exist

Second question: not just once. Hashnode checked the DNS record at regular intervals (every 10 minutes) which was prone to DNS Rebinding attack

Navid Mirzaaghazadeh

php developer

Sep 17, 2024

Recent discussions

F
Navigating Trust in the Autonomous Age of AI Agents
1K12h ago
M
What is a Developer When We Use Coding Agents? My 1-Day BMAD Experiment
61D12h ago
A
🤖 AI Agents Weekly: Claude Code Review, AutoHarness, Perplexity Personal Computer, Cloudflare /crawl, Context7 CLI, and More
1K12h ago
G
When RAM Matters: Memory Efficiency of AWK Variants
33P D F13h ago
Q
1M Token Context Windows Just Went GA - Here's What Actually Changes
1K13h ago