Godaddy Workspace XSS

Godaddy Workspace XSS – Who’s your Daddy ?

An interesting submission in from the Exploit Database – a Godaddy workspace XSS vulnerability. Although we did not post it (live site), the vulnerability seems real, and definitely worth mentioning.

In essence, this vulnerability allows an attacker to send malicious JavaScript to a non suspecting victim – allowing stealing of cookies and other nasty stuff. Effectively, if you are using the Godaddy workspace web interface, an attacker can acquire a your session information and log to the account with no credentials. All Godaddy workspace users, ph33r. Wait, didn’t we have a demo just like this in CTP ?

Will be interesting to see how long it takes Godaddy to fix this issue. Check out the PoC movie:

You can download the original Godaddy Cross Site Scripting Exploit movie from our archive.

NEW FOR 2020

Evasion Techniques and Breaching Defenses (PEN-300)

Evasion Techniques and Breaching Defenses (PEN-300)

Take your penetration testing skills to the next level with advanced techniques and methods.

Earn your OSEP

FOLLOW US ON TWITTER:

@offsectraining

@kalilinux

@exploitdb