Dec 11, 2010

Godaddy Workspace XSS – Who’s your Daddy ?

An interesting submission came in from the Exploit Database – a Godaddy workspace XSS vulnerability. Although we did not post it (live site), the vulnerability seems real, and is definitely worth mentioning.

In essence, this vulnerability allows an attacker to send malicious JavaScript to an unsuspecting victim – allowing the theft of cookies and other nasty stuff. Effectively, if you are using the Godaddy workspace web interface, an attacker can acquire your session information and log in to the account with no credentials. All Godaddy workspace users, ph33r. Wait, didn’t we have a demo just like this in CTP?

Will be interesting to see how long it takes Godaddy to fix this issue. Check out the PoC movie:

You can download the original Godaddy Cross Site Scripting Exploit movie from our archive.
