Exetools


Dr.FarFar 02-22-2023 04:01

GoDaddy Hacked For Nearly 3 Years
 
Hackers Ran Amok Inside GoDaddy for Nearly 3 Years

You can read it here:
Quote:

https://www.wired.com/story/godaddy-hacked-3-years/

What no one knows

I didn't think I would tell anyone about this report again
The GoDaddy Security Team actually neglected my report
They have now lost their reputation because they neglected this loophole

I reported a high-risk vulnerability in GoDaddy
That vulnerability was SQLi
by that loophole
I can know everything about that company
Including all credit card data fields
I can also withdraw domains from accounts and transfer them to other companies
And complete the exploitation and access to the company's servers and do everything that may harm it and its customers
But I did not do those evil deeds

These are some of my messages to them

In addition to a Proof-Of-Exploitation video
Quote:

https://www.BlackHatLab.com/Godaddy
NB:
Quote:

I'm Not The Person Who Hacked And Harmed GoDaddy Company 😉
Best Regards,
Dr.FarFar

Roy25 02-22-2023 16:23

Of late GoDaddy seems to have developed an unwarranted ego. I have seen a change in the way their sales and support executives behave over the last decade. Not that this justifies the incident, but sometimes things like these keep u grounded.

On a sidenote:
Quote:

I'm Not The Person Who Hacked And Harmed GoDaddy Company 😉
We do believe u dr. :)

Dr.FarFar 02-22-2023 18:20

Unfortunately, if there was a good response to my report from The Cyber Security Team at GoDaddy
The hack would not have happened
You can see the messages and proof video in the link above

tK! 02-22-2023 23:20

Thank you Dr ;)
I think I remember it was about +1M users leak sold on RaidForums (closed now)

Same thing happened on 00webhost, wix (2018), ....

Dr.FarFar 02-23-2023 02:15

Quote:

Originally Posted by tK! (Post 127228)
Thank you Dr ;)
I think I remember it was about +1M users leak sold on RaidForums (closed now)

Same thing happened on 00webhost, wix (2018), ....

The loopholes used in what you say are JSON vulnerabilities

What you are saying is not similar to the Godaddy incident

But what happened is
SQL Injection vulnerability at GoDaddy.com & All Subdomains

You can watch the video and imagine the losses Godaddy can take
If I did anything evil

I can do evil things easily, but I don't like doing them to anyone

Roy25 02-27-2023 21:45

Quote:

I can do evil things easily, but I don't like doing them to anyone
Good to know that we're in good company and not Dr. Hannibal Lecter's :p

And about the Cyber Security Team at GoDaddy, I wonder how no one responded to such a huge thing! Companies rightly make a huge fuss of even a small miss by an employee like using a USB drive, or opening certain sites inside the corporate network; how they can miss such a report is beyond my reasoning.

Though, I feel they were really dumb either way - because even if they were unethical and took it from a "personal growth" perspective, they could have easily "claimed" it to be found by them internally and got a promotion or something lol :D. Because u/reporter would have not bothered or even informed anyway.

niculaita 02-28-2023 01:02

Maybe you injected into a honeypot

Dr.FarFar 03-01-2023 05:29

No, certainly not. There is evidence that the company was hacked during the same period, and the hack lasted for three years.


All times are GMT +8.
