[–] renholder 7y ago ↗ Seems to be a test for the flaw. Is there any documentation surrounding the actual flaw?
[–] phillipseamore 7y ago ↗ Just seems to lookup subdomains in DNS that are on bypass. Checked a few domains that I have with Cloudflare and they only listed IP's that I'm explicitly bypassing Cloudflare.
[–] troydavis 7y ago ↗ As other noted, this isn’t a flaw at all. https://support.cloudflare.com/hc/en-us/articles/11500368793... explains what not to do, but basically, don’t create guessable hostnames or shared services that resolve to your origin.
4 comments
[ 3.2 ms ] story [ 24.7 ms ] thread