Domain hijacking bug found in GoDaddy

domainking131

Forum Leader
Staff member
There was a security bug found in GoDaddy's website that could have allowed attackers to steal valuable domain names.

Security engineer Dylan Saccomanni found several “cross site request forgery” holes January 17, which he said could be used to “edit nameservers, change auto-renew settings and edit the zone file entirely”.
He reported it to Go Daddy (evidently with some difficulty) and blogged it up, with attack code samples, January 18. Go Daddy reportedly patched its site the following day.
A CSRF vulnerability is where a web site fails to adequately validate data submitted via HTTP POST. Basically, in this case Go Daddy apparently wasn’t checking whether commands to edit name servers, for example, were being submitted via the correct web site.

No domains have been reported missing because of this security threat!
 
Similar threads
Thread starter Title Forum Replies Date
Digital Pandit Konstantinos Zournas: Trademark owners' guide to avoid reverse domain name hijacking Resources 0
Digital Pandit TACO brawl goes into Reverse Domain Name Hijacking territory Legal Issues and Dispute 0
Digital Pandit World Biz Domains terminated after what seems like domain hijacking Legal Issues and Dispute 0
Digital Pandit How ICANN can abate Reverse Domain Name Hijacking Registrars 0
Digital Pandit Walmart found to have attempted reverse domain name hijacking Legal Issues and Dispute 0
Digital Pandit “Plan B” reverse domain name hijacking Legal Issues and Dispute 0
Digital Pandit WIPO panelist missed to find complainant's fault of reverse domain name hijacking Legal Issues and Dispute 0
Digital Pandit AbdulBasit Makrani wins AguaDulce.com domain reverse domain name hijacking case Legal Issues and Dispute 0
Digital Pandit Canadian company involved in reverse domain name hijacking over the domain name Mamar.com. Legal Issues and Dispute 0
Digital Pandit ink123 .com UDRP finding points to Reverse Domain Name Hijacking Legal Issues and Dispute 0
Digital Pandit Again a reverse domain name hijacking case from Brazil Legal Issues and Dispute 0
Digital Pandit Karma.com UDRP case ends in Reverse Domain Name Hijacking finding Legal Issues and Dispute 0
Digital Pandit A Spanish Company tries reverse domain name hijacking Legal Issues and Dispute 0
Digital Pandit SecretLab.com Vs TheSecretLab.com: Reverse domain name hijacking not even considered Non-Indian Domains 0
J Domain Hijacking Prevention Tips Legal Issues and Dispute 0
Digital Pandit A keynote speaker hit for reverse domain name hijacking Legal Issues and Dispute 0
Digital Pandit New Verdict: No reverse domain name hijacking in VDG.com case Legal Issues and Dispute 0
Digital Pandit Reverse Domain Name Hijacking finding in Ceate.com UDRP Legal Issues and Dispute 0
Digital Pandit Gene therapy company tries reverse domain name hijacking Legal Issues and Dispute 0
Jeff Reverse Domain Name Hijacking for Indian Hotels Legal Issues and Dispute 1
Digital Pandit Florida developer training company nailed for Reverse Domain Name Hijacking Legal Issues and Dispute 0
JulienJ Vulfpeck band member tries reverse domain name hijacking Legal Issues and Dispute 0
JulienJ Payments company commits reverse domain name hijacking Legal Issues and Dispute 0
JulienJ Insurance company Allianz tries reverse domain name hijacking a domain name Legal Issues and Dispute 0
JulienJ Office Depot gets reverse domain hijacking win over Viking.com domain name Legal Issues and Dispute 0
JulienJ Sex cam website owner nailed for reverse domain name hijacking Legal Issues and Dispute 0
JulienJ French clothing company Modz guilty of reverse domain name hijacking Legal Issues and Dispute 0
JulienJ HugeDomains gets reverse domain name hijacking win against Virgin Enterprises Legal Issues and Dispute 0
domainking131 Telepathy scores $40,000 from reverse domain name hijacking case Legal Issues and Dispute 0
domainking131 $65,000 legal fees awarded in reverse domain name hijacking case Legal Issues and Dispute 0
domainking131 Apple gets Reverse Domain Name Hijacking decision in cybersquatting dispute Legal Issues and Dispute 0
domainking131 Reverse domain name hijacking in HUG.com case Legal Issues and Dispute 0
domainking131 Reverse domain name hijacking alleged in HeidiPowell.com lawsuit Legal Issues and Dispute 1
domainking131 Blackjack.com UDRP thrown out with Reverse Domain Name Hijacking ruling Non-Indian Domains 0
domainking131 Emazing.nl nailed for Reverse Domain Name Hijacking Non-Indian Domains 0
domainking131 Wirecard nailed for Reverse Domain Name Hijacking Non-Indian Domains 0
domainking131 ShadesDaddy founder advices on Domain Name Hijacking Recovery Non-Indian Domains 0
domainking131 TrendyHair.es owner guilty of reverse domain hijacking Non-Indian Domains 0
domainking131 Reverse domain name hijacking ruling over SaintLazarusUSA.com Non-Indian Domains 0
the_poet Core Diagnostics of Gurgaon India, Guilty Of Reverse Domain Name Hijacking General Indian Domain Name Discussion 2
wpfreak Caves.in Premium One Word .in Domain For Sale 0
Digital Pandit Korean chicken restaurant chain resolves dispute with domain investor Legal Issues and Dispute 0
Digital Pandit Andrew Allemann: How to adapt to the changing world of domain investing ? Resources 0
Digital Pandit Elliot Silver: Promise I Can’t Keep When Buying a Domain Name Resources 0
Digital Pandit 4 letter domain Vs 22 letter domain. Which is better? Non-Indian Domains 0
T What is a Parked Domain and Why you need it? Parking 0
Digital Pandit KickStart Commerce Podcast: Stuart Maloff on balancing teaching and domain investing Resources 0
Digital Pandit .IS domain fee increases Registrars 0
Digital Pandit Elliot Silver on biggest perks of domain investing Resources 0
Digital Pandit DNW Podcast: Domain investing with Nikul Sanghvi Resources 0

Similar threads

whois



Forums dedicated to Indian domain names, including buying, selling, appraising, developing, and monetizing.

About Us

Threads
27,431
Messages
74,474
Members
7,669
Latest member
realmoneygaming
Top Bottom