The flaw was identified on January 17 by New York-based security engineer Dylan Saccomanni while managing a domain. The expert realized that the company had not implemented any CSRF protections for many DNS management actions.
According to the researcher, an attacker could have exploited the vulnerability to edit nameservers, edit the zone file, and modify automatic renewal settings.
Saccomanni has published proof-of-concept code for editing nameservers, disabling the auto-renew feature, and editing DNS records.
Continue reading at http://www.securityweek.com/csrf-flaw-allowed-attackers-hijack-godaddy-domains
More at KING.NET
0 Comments