Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 02-22-2023, 04:01
Dr.FarFar's Avatar
Dr.FarFar Dr.FarFar is offline
Family
 
Join Date: Oct 2021
Location: Egypt ( ❤️ Palestine ❤️ )
Posts: 170
Rept. Given: 18
Rept. Rcvd 39 Times in 29 Posts
Thanks Given: 209
Thanks Rcvd at 547 Times in 151 Posts
Dr.FarFar Reputation: 39
Lightbulb GoDaddy Hacked For Nearly 3 Years

Hackers Ran Amok Inside GoDaddy for Nearly 3 Years

You can read it here
Quote:
https://www.wired.com/story/godaddy-hacked-3-years/
What no one knows

I didn't think I would tell anyone about this report again
The GoDaddy Security Team actually neglected my report
they have now lost their reputation Because they neglected this loophole

I have been reported a high-risk vulnerability in Godaddy
That vulnerability was SQLi
by that loophole
I can know everything about that company
Including all credit card data fields
I can also withdraw domains from accounts and transfer them to other companies
And complete the exploitation and access to the company's servers and do everything that may harm it and its customers
But I did not do those evil deeds

These are some of my messages to them

In addition to a Proof-Of-Exploitation video
Quote:
https://www.BlackHatLab.com/Godaddy
NB:
Quote:
I'm Not The Person Who Hacked And Harmed GoDaddy Company 😉
Best Regards,
Dr.FarFar
Reply With Quote
The Following 2 Users Say Thank You to Dr.FarFar For This Useful Post:
niculaita (02-28-2023), RAMPage (03-13-2023)
  #2  
Old 02-22-2023, 16:23
Roy25 Roy25 is offline
Friend
 
Join Date: Sep 2018
Posts: 25
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 28
Thanks Rcvd at 24 Times in 14 Posts
Roy25 Reputation: 0
Off late GoDaddy seems to have developed unwarranted ego. I have seen change in the way there sales and support executives behave over last decade. Not that this justifies the incident, but sometimes things like these keep u grounded.

On a sidenote:
Quote:
I'm Not The Person Who Hacked And Harmed GoDaddy Company 😉
We do believe u dr.
Reply With Quote
  #3  
Old 02-22-2023, 18:20
Dr.FarFar's Avatar
Dr.FarFar Dr.FarFar is offline
Family
 
Join Date: Oct 2021
Location: Egypt ( ❤️ Palestine ❤️ )
Posts: 170
Rept. Given: 18
Rept. Rcvd 39 Times in 29 Posts
Thanks Given: 209
Thanks Rcvd at 547 Times in 151 Posts
Dr.FarFar Reputation: 39
Lightbulb

Unfortunately, if there was a good response to my report from The Cyber Security Team at GoDaddy
The hack would not have happened
You can see the messages and proof video in the link above
Reply With Quote
  #4  
Old 02-22-2023, 23:20
tK! tK! is offline
Family
 
Join Date: Jan 2013
Posts: 193
Rept. Given: 7
Rept. Rcvd 122 Times in 35 Posts
Thanks Given: 63
Thanks Rcvd at 84 Times in 49 Posts
tK! Reputation: 100-199 tK! Reputation: 100-199
thank you Dr
i think i remember was about +1M users leak sold in RaidForums ( closed now )

same thing happen on 00webhost , wix ( 2018 ) , ....
Reply With Quote
  #5  
Old 02-23-2023, 02:15
Dr.FarFar's Avatar
Dr.FarFar Dr.FarFar is offline
Family
 
Join Date: Oct 2021
Location: Egypt ( ❤️ Palestine ❤️ )
Posts: 170
Rept. Given: 18
Rept. Rcvd 39 Times in 29 Posts
Thanks Given: 209
Thanks Rcvd at 547 Times in 151 Posts
Dr.FarFar Reputation: 39
Quote:
Originally Posted by tK! View Post
thank you Dr
i think i remember was about +1M users leak sold in RaidForums ( closed now )

same thing happen on 00webhost , wix ( 2018 ) , ....
The loopholes used in what you say are JSON vulnerabilities

What you are saying is not similar to the Godaddy incident

But what happened is
SQL Injection vulnerability at GoDaddy.com & All Subdomains

You can watch the video and imagine the losses Godaddy can take
If I did anything evil

I can do evil things easily, but I don't like doing them to anyone
Reply With Quote
  #6  
Old 02-27-2023, 21:45
Roy25 Roy25 is offline
Friend
 
Join Date: Sep 2018
Posts: 25
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 28
Thanks Rcvd at 24 Times in 14 Posts
Roy25 Reputation: 0
Quote:
I can do evil things easily, but I don't like doing them to anyone
Good to know that we're in good company and not Dr. Hannibal Lectar's

And about the The Cyber Security Team at GoDaddy, I wonder how no one responded to such a huge thing! Companies rightly make a huge fuss of even a small miss by an employee like using a USB drive, or opening certain sites inside corporate network, how can they miss such a report is beyond my reasoning.

Though, I feel they were really dumb either ways - because even if they were unethical and took it from "personal growth" perspective, they could have easily "claimed" it to be found by them internally and got a promotion or something lol . Because u/reporter would have not bothered or even informed anyway.
Reply With Quote
  #7  
Old 02-28-2023, 01:02
niculaita's Avatar
niculaita niculaita is offline
Family
 
Join Date: Jun 2011
Location: here
Posts: 1,379
Rept. Given: 960
Rept. Rcvd 89 Times in 61 Posts
Thanks Given: 4,613
Thanks Rcvd at 482 Times in 341 Posts
niculaita Reputation: 89
maybe you injected into a honney pot
__________________
Decode and Conquer
Reply With Quote
  #8  
Old 03-01-2023, 05:29
Dr.FarFar's Avatar
Dr.FarFar Dr.FarFar is offline
Family
 
Join Date: Oct 2021
Location: Egypt ( ❤️ Palestine ❤️ )
Posts: 170
Rept. Given: 18
Rept. Rcvd 39 Times in 29 Posts
Thanks Given: 209
Thanks Rcvd at 547 Times in 151 Posts
Dr.FarFar Reputation: 39
No, certainly not. There is evidence that the company was hacked during the same period, and the hack lasted for three years.
Reply With Quote
Reply

Tags
dr.farfar, godaddy

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 23:41.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )