Domain goliath GoDaddy has rushed to plug a vulnerability that allowed attackers to hijack registered sites.
Pen tester Dylan Saccomanni dropped the Cross-Site Request Forgery (CSRF) bug on his blog after the company said there was no timeline for a fix.
The hacker posted code required to edit nameservers and DNS records, and turn off auto-renew features.
He found the flaw while tinkering with an old account, discovering a lack of CSRF protection on GoDaddy's DNS management actions.
Full Article: http://www.theregister.co.uk/2015/01/21/godaddy_rushes_to_plug_domain_hijack_hole/
This type of vulnerability is exploited by attackers through social engineering, often phishing, to force authenticated admins to alter conditions or requests.
GoDaddy was not immediately able to say if accounts had been compromised.