azure-takeover-detection: Microsoft Azure Takeover Detection

日期: 2025-08-01 | 影响软件: Microsoft Azure | POC: 已公开

漏洞描述

Microsoft Azure is vulnerable to subdomain takeover attacks. Subdomain takeovers are a common, high-severity threat for organizations that regularly create and delete many resources. A subdomain takeover can occur when a D>

PoC代码[已公开]

id: azure-takeover-detection

info:
  name: Microsoft Azure Takeover Detection
  author: pdteam
  severity: high
  description: Microsoft Azure is vulnerable to subdomain takeover attacks. Subdomain takeovers are a common, high-severity threat for organizations that regularly create and delete many resources. A subdomain takeover can occur when a D>
  reference:
    - https://godiego.co/posts/STO/
    - https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover
    - https://cystack.net/research/subdomain-takeover-chapter-two-azure-services/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
    cvss-score: 7.2
    cwe-id: CWE-404
  metadata:
    max-request: 1
  tags: dns,takeover,azure

dns:
  - name: "{{FQDN}}"
    type: A

    matchers-condition: and
    matchers:
      - type: word
        words:
          - NXDOMAIN
      - type: dsl
        dsl:
          - 'contains(cname, "azure-api.net")'
          - 'contains(cname, "azure-mobile.net")'
          - 'contains(cname, "azurecontainer.io")'
          - 'contains(cname, "azurecr.io")'
          - 'contains(cname, "azuredatalakestore.net")'
          - 'contains(cname, "azureedge.net")'
          - 'contains(cname, "azurefd.net")'
          - 'contains(cname, "azurehdinsight.net")'
          - 'contains(cname, "azurewebsites.net")'
          - 'contains(cname, "azurewebsites.windows.net")'
          - 'contains(cname, "blob.core.windows.net")'
          - 'contains(cname, "cloudapp.azure.com")'
          - 'contains(cname, "cloudapp.net")'
          - 'contains(cname, "database.windows.net")'
          - 'contains(cname, "redis.cache.windows.net")'
          - 'contains(cname, "search.windows.net")'
          - 'contains(cname, "servicebus.windows.net")'
          - 'contains(cname, "trafficmanager.net")'
          - 'contains(cname, "visualstudio.com")'
          - 'contains(cname, "web.core.windows.net")'
    extractors:
      - type: dsl
        dsl:
          - cname
# digest: 4b0a00483046022100c0fc0981836b7e9d685d881e9338318469233d9c4e40497e0c0d5dcca945ca62022100ea54d3c987b50ae40a72305f54d16a767ca7534f0d7e44f8754b08d73824c2e7:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./dns/azure-takeover-detection.yaml

相关漏洞推荐