Yes, as we were able to download the database for CoCCA's web application (from the box.com backups) for any of the ccTLDs managed by CoCCA, we could decrypt the admin hash and then login to the CoCCA administration panel and modify/transfer any domain inside a ccTLD's zone.
The scale of possibilities with this hack are enormous. You could easily redirect entire domains, generate valid SSL certs for those domains, then capture all the data including all login credentials for all users on those domains.
With exploitation of the right domains you would probably be able to extend this hack using stolen authentication information to take over basically the entire Internet.
Funny hack of my own once: a major web hosting company had a forum which failed to check uploaded profile pics were images, so I used it to upload a script so I could browse their entire filesystem. I eventually came across their root password stored in plaintext in a configuration file. The password? "internet" - all lowercase, just like that.
I kinda think these vulnerabilities were long exploited but no one made the move to actually make any harm is because 1) not profitable for private parties 2) state actors are waiting for a proper time to execute
> We spent a significant amount of time on Google's registry software and discovered an endpoint that we believe are not supposed to be accessed without authentication
Can you send me info on this to mcilwain@google.com ? Thanks.
Out of curiosity, at what point is this considered hacking? Aren't you afraid of getting into trouble with the law by accessing servers like this, downloading data, etc?
