Godaddy Web Interface Cross-Site Scripting (XSS) Vulnerability

Exploit Database recently found an interesting vulnerability regarding Godaddy which is a leading domain and website hosting provider. The Godaddy workspace XSS vulnerability provides liberty to the attacker to send malicious JavaScript to the victim resulting in stealing of cookies and other malicious activities. This means that if you are using web interface of Godaddy workspace, a malicious attacker can obtain your session information and can even login to your account interestingly without using any credentials.

Following are the steps for exploiting Godaddy XSS vulnerability:

1. Attacker logs in to the Godaddy workspace interface.
2. Composes an email directed towards the targeted user.
3. Uses firebug to craft malicious link using JavaScript in the email. This JavaScript is capable of capturing victim’s cookie (session id) and sending it to attacker controlled web server.
4. The email is sent to the targeted user (victim) who also uses Godaddy web interface.
5. The victim receives the email and opens it.
6. As soon as the email is opened the victim’s session id is obtained by the malicious JavaScript and sent to the attacker controlled web server.
7. To make sure that there are no credentials required to exploit this vulnerability the attacker logs out from his account and clear the cache and cookies.
8. The attacker receives victim’s cookie (session id) from web server log and replays it using Live HTTP Headers (Firefox addon) to Godaddy.
9. The attacker successfully logs into the victim’s Godaddy web interface.