Dotster #18
Labels
Vulnerable
This service is vulnerable to takeover.
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
ServiceDotsterStatusVulnerable (w/ purchase)NameserverExplanationDotster is powered by Domain.com, which means creating a zone on Domain.com also creates a zone on Dotster (and vice versa). For example,
4orty3.netuses Dotster's DNS, howeverns1.domain.comwill resolve all records for4orty3.net.Per Domain.com's Knowledge Base you can add external domains if you have an existing account or if you purchase something (like hosting). Thus, to perform a takeover on Dotster, I recommend you get an account on Domain.com (buy something cheap and cancel) then add the zones to Domain.com (which will activate the zone on Dotster).
Since Dotster also owns
000domains.comcreating a zone on Dotster will active a zone automatically on 000domains.com's DNS.Needs Verification?YesWhile the documentation supports the belief that takeover is possible and their system uses the same backend as Bizland and MyDomain (which are vulnerable). We do need someone to verify that takeover is possible.
The text was updated successfully, but these errors were encountered: