Blog
Dec 11, 2010
Godaddy Workspace XSS – Who’s your Daddy ?
An interesting submission in from the Exploit Database – a Godaddy workspace XSS vulnerability. Although we did not post it (live site), the vulnerability seems real, and definitely worth mentioning.
OffSec Team
1 min read
An interesting submission in from the Exploit Database – a Godaddy workspace XSS vulnerability. Although we did not post it (live site), the vulnerability seems real, and definitely worth mentioning.
In essence, this vulnerability allows an attacker to send malicious JavaScript to a non suspecting victim – allowing stealing of cookies and other nasty stuff. Effectively, if you are using the Godaddy workspace web interface, an attacker can acquire a your session information and log to the account with no credentials. All Godaddy workspace users, ph33r. Wait, didn’t we have a demo just like this in CTP ?
Will be interesting to see how long it takes Godaddy to fix this issue. Check out the PoC movie:
You can download the original Godaddy Cross Site Scripting Exploit movie from our archive.
Cybersecurity leader resources
Sign up for the Secure Leader and get the latest info on industry trends, resources and best practices for security leaders every other week
Latest from OffSec
Enterprise Security
Red Team vs Blue Team in Cybersecurity
Learn what a red team and blue team in cybersecurity are, pros and cons of both, as well as how they work together.
Dec 13, 2024
13 min read
Enterprise Security
Building a Future-Ready Cybersecurity Workforce: The OffSec Approach to Talent Development
Learn all about our recent webinar “Building a Future-Ready Cyber Workforce: The OffSec Approach to Talent Development”.
Dec 13, 2024
4 min read
Enterprise Security
How to Become the Company Top Cyber Talent Wants to Join
Become the company cybersecurity talent wants to join. Learn how to attract, assess, and retain experts with strategies that set you apart.
Dec 4, 2024
5 min read