Internet domain registrar and web hosting company GoDaddy has patched a Cross-Site Request Forgery (CSRF or XSRF) vulnerability that allowed hackers and malicious actors to hijack websites registered with the company.
The vulnerability was reported to GoDaddy on Saturday by Dylan Saccomanni, a web application security researcher and penetration testing consultant in New York. The company patched the bug without delay, less than 24 hours after the blog post was published.
While managing an old domain registered on GoDaddy, Saccomanni stumbled across the bug and noticed that many GoDaddy DNS management actions had no CSRF protection at all.