DynaDot.com Domain hijack Exploit

Iravan · Jan 15, 2007

Just Saw this on Digg

http://www.berlettefx.com/2007/01/5/exploiting-dynadot/

This person found a way to acess any domain that is registered at dynadot and change the account to his own

Very bad news, watch your domains folks

- Iravan

** This should really go under alerts but I felt that it should be noticed by as many people as possible just in case anyones domains are at risk. Please feel free to move as necessary

Chicken · Jan 15, 2007

Iravan said:
Just Saw this on Digg

http://www.berlettefx.com/2007/01/5/exploiting-dynadot/

This person found a way to acess any domain that is registered at dynadot and change the account to his own

Very bad news, watch your domains folks

- Iravan

** This should really go under alerts but I felt that it should be noticed by as many people as possible just in case anyones domains are at risk. Please feel free to move as necessary

Thats berlette :hehe:

Jim_ · Jan 15, 2007

It's been fixed.

http://www.dynadot.com/resource/forums/f4-payment-issues/gain-access-to-domains-at-dynadot-262.html

Croach · Jan 15, 2007

dnb8 · Jan 15, 2007

and somebody said that this never existed....
So this was real or not?

RegFee · Jan 15, 2007

I hope a company wouldn't let a security flaw as OBVIOUS as this get by them. I tried the same "technique" with afternic:
http://www.afternic.com/nameE.php?id=xxxxxxxx

Type in an 8 digit number, and if there is a name with that code, then it will say access violation.

-NB- · Jan 15, 2007

Yes, DynaDot fixed this. Nobody needs to worry about their domains, and I wouldn't take them anyways. After several attempts at reporting it, they finally decided it'd be good to fix. Joy.

cache · Jan 15, 2007

if the hacker changed a domain to his own name, it should be easy to catch him, right?

domainer50 · Jan 15, 2007

Nice find. I never have/will use dynadot. So lets hope it doesn't happen to godaddy.

kleszcz · Jan 15, 2007

Really? Hope it was a bad joke anyway.

B33R · Jan 15, 2007

-NB- said:
Yes, DynaDot fixed this. Nobody needs to worry about their domains, and I wouldn't take them anyways. After several attempts at reporting it, they finally decided it'd be good to fix. Joy.

Nice find, Nick.

Doesn't surprise me in the slightest. All my dealings with Dynadot have been troublesome to say the least.

Needless to say, there's one registrar I won't be recommending or using ever again, although that was already decided long before this issue and their subsequent denial on their forum (which is what I've come to expect from them...)

jehnidiah · Jan 15, 2007

Having a problem is one thing, but taking so long to fix it is another. That's too bad they were so slack in responding to the situation.

dnb8 · Jan 15, 2007

Dynadot replied me that they don't have any "domain stolen" complaints.

Iravan · Jan 15, 2007

glad t osee its been fixed

- Iravan

webfreak · Jan 15, 2007

-NB- said:
Yes, DynaDot fixed this. Nobody needs to worry about their domains, and I wouldn't take them anyways. After several attempts at reporting it, they finally decided it'd be good to fix. Joy.

Did the exploit actually work for you gaining access to a domain name you do not own? Or, could you only access the other domain names within your account with changing the domainid in the URL?

DynaDot.com Domain hijack Exploit

TSAS HostEstablished Member

Full Stack DeveloperVIP Member

Established Member

Established Member

x/\x/\x/\xVIP Member

No FateVIP Member

Formerly ArrayEstablished Member

VIP Member

VIP Member

VIP Member

Account Closed (Disallowed)

VIP Member

x/\x/\x/\xVIP Member

TSAS HostEstablished Member

VIP Member

Similar threads

We're social

ScalaAi.com

Finest.co

PolarPocket.com

IndoorsOutdoors.com

shoetying.com

GBY.co

ClaimLasVegas.com

CMRU.Com

opennext.ai

Songe.com

Pinned

Appreciation

Agreement

Answers

Relevance

Reaction

Status

Feeling