Blog
Dec 11, 2010
Godaddy Workspace XSS – Who’s your Daddy ?
An interesting submission in from the Exploit Database – a Godaddy workspace XSS vulnerability. Although we did not post it (live site), the vulnerability seems real, and definitely worth mentioning.
1 min read

An interesting submission in from the Exploit Database – a Godaddy workspace XSS vulnerability. Although we did not post it (live site), the vulnerability seems real, and definitely worth mentioning.
In essence, this vulnerability allows an attacker to send malicious JavaScript to a non suspecting victim – allowing stealing of cookies and other nasty stuff. Effectively, if you are using the Godaddy workspace web interface, an attacker can acquire a your session information and log to the account with no credentials. All Godaddy workspace users, ph33r. Wait, didn’t we have a demo just like this in CTP ?
Will be interesting to see how long it takes Godaddy to fix this issue. Check out the PoC movie:
You can download the original Godaddy Cross Site Scripting Exploit movie from our archive.
Cybersecurity leader resources
Sign up for the Secure Leader and get the latest info on industry trends, resources and best practices for security leaders every other week
Latest from OffSec

Federal
Addressing the Unique Cybersecurity Challenges Faced by Government Agencies
Explore the unique cybersecurity challenges government agencies face and how tailored strategies can protect national security and public trust.
Feb 12, 2025
8 min read

Enterprise Security
Building a Cyber-Resilient Public Sector Through Hands-on Security Training
Learn how hands-on cybersecurity training equips public sector teams to protect critical infrastructure, featuring real-world cases from Atlanta, Oldsmar, and Texas that demonstrate why practical experience trumps theoretical knowledge alone. Discover why agencies are moving beyond certifications to combat-ready security training.
Feb 5, 2025
4 min read

Research & Tutorials
CVE-2025-21298: A Critical Windows OLE Zero-Click Vulnerability
Explore CVE-2025-21298, a critical Windows OLE zero-click flaw enabling RCE via email. Learn its risks, impact, and how to defend against attacks.
Feb 3, 2025
3 min read