Showing results for tags 'godaddy'.

Found 2 results

  1. Hi, this evening I bought .com domains from GoDaddy for $0.99 per year using the code: It's the first time I've done this, but I thought I'd also get hosting from them, for WordPress. They have something special, and I got one year at a 35% discount with the code: The 35% code can be used on any new product, for one month, for one year, for as long as you want. PS: It only works with a card, not PayPal and the like. Good luck, I hope it helps you.
  2. Domain registrar GoDaddy yesterday patched a cross-site request forgery vulnerability that could have allowed an attacker to change domain settings on a site registered with GoDaddy. The flaw was reported on Saturday and patched within 48 hours, according to Dylan Saccomanni, a web application security researcher and penetration testing consultant in New York.

     “This vulnerability lies in GoDaddy domain settings (not account settings). If you go to ‘Domains’ when you log into GoDaddy, you’ll be presented with various options and settings you can edit for the specific domain you chose,” Saccomanni said. “That is where this issue is.”

     Cross-site request forgery is a chronic web application vulnerability, right up there with cross-site scripting and others that continue to stand in the way of secure development. CSRF works when a user authenticated to a web application or domain is forced by a hacker to make state-changing requests, including administrative requests in this case. The attacker, however, would have to combine this with some form of social engineering scam in order to lure the victim to their site hosting the attack.

     “It wouldn’t be difficult to exploit at all,” Saccomanni said. “The attacker would have a victim fill out a very professional looking form (maybe not even relating it to GoDaddy at all), and have the form perform a GoDaddy domain settings change request while they’re logged in. He could do this at scale, attracting GoDaddy users to his site, betting they’ll be logged in.”

     Saccomanni said he discovered the vulnerability Saturday when looking at an old domain in GoDaddy, noticing a lack of cross-site request forgery protection on GoDaddy DNS management actions. Saccomanni said there was no CSRF token present in request body or headers, and no enforcement of Referrer. This lack of protection would give an attacker the ability to edit nameservers, change auto-renew settings and edit the zone file.

     “A user could have a domain de facto taken over in several ways. If nameservers are changed, an attacker changes the domain’s nameservers (which dictates what server has control of DNS settings for that domain) over to his own nameservers, immediately having full and complete control,” Saccomanni said. “If DNS settings are changed, he simply points the victim’s domain towards an IP address under his control. If the auto-renew function is changed, the attacker will try to rely on a user forgetting to renew their domain purchase for a relatively high-profile domain, then buy it as soon as it expires.”

     Saccomanni said he tried many different email addresses associated with security and engineering, as well as customer support in order to report the bug. He said he received no confirmation from GoDaddy that the issue was patched, but yesterday did see protections put in place. A request for comment and confirmation from GoDaddy was not returned in time for publication.

     “The reply that I received from customer support was that 1. the security email address isn’t being actively monitored for incoming email and 2. thanking me for the feedback, but there was no timeline for a fix,” Saccomanni said, adding that he never found an official security contact with the registrar. “I wish I could give you a security contact because I wish I got one myself, but they didn’t even allow me to try and speak with a security engineer directly, which is a vastly disappointing security posture for a large domain registrar.”

     Source