Are you sure you want to close the chat?Chat will be closed and the chat history will be cleared.
continue to sign out,
or stay on chat.
To review this chat session please click this windows.
Chat Online
Chat Online0
Support

Forum

A place for Dynadot and community experts alike to ask questions, share ideas, and more.
Gain Access to Domains at DynaDot!
1/14/2007 14:43
http://www.berlettefx.com/2007/01/5/exploiting-dynadot/
Reply Quote
Posted By kate
1/18/2007 03:15
For the record it's not just Dynadot, many other registrar sites are set up the same way. There is nothing wrong with it as long as adequate filters (ie. restrict to domains you own) are in place.
Reply Quote
Posted By hekler
1/15/2007 01:56
I saw the original message about 4 weeks ago. If you change the ID number in the URL to one of your other ID numbers it will show that domain.

BUT this is the thing it will only do it with your own domains not another accounts. That's how the original fool found it by changing the ID number in the URL to one of his other domain ID's. Of course being such a bright spark (yeah right) he did not think that this may not work with someone else's domain ID's.  Having 3 accounts I checked the cross account reading and it just does not work.
Reply Quote
1/14/2007 20:06
This supposed exploit has been circulating around the web for a few weeks now. We were not able to reproduce it. We have received no complaints of domains being stolen this entire time.
Reply Quote
Posted By raph
1/14/2007 19:20
That's what I thought - It would be a pretty basic mistake to make to allow everyone access to each other's domains...
Reply Quote
Posted By hekler
1/14/2007 18:39
Hi Raph. The fault never really existed


[This post has been edited by e_h_rochedale south_au on Jan 14, 2007 6:39pm.]
Reply Quote
Posted By hekler
1/14/2007 18:38
First thing is - are you a fool or what? Why would you make a thing like this public - even though you are and the author are quite wrong.

You can change the domain id number to another one YOU have access to BUT NOT to someone elses.

You probably think we all got delivered by the stork as well
Reply Quote
Posted By raph
1/14/2007 18:38
As far as I can tell, this has been fixed... Is that correct? When I tried entering a domain ID for a domain that wasn't in my account, I was redirected back to my list of domains.
Reply Quote