Domain
Find Your Domain
Search
Domain Search
AI Domain Search
Bulk Domain Search
IDNs Search
Advanced Search
Transfer
Domain Transfer
Bulk Domain Transfer
TLDs
Domain Prices
Domain Sales
Domain Tools
Whois Lookup
Domain Appraisal
Suggestion Tool
Grace Deletion
Domain Security
Domain Management
API
Aftermarket
Manage Your Portfolio
Search
Aftermarket Search
Expired Domains
Expired Auctions
Registry Auctions
Last Chance Auctions
Expired Closeout
User Listings
User Listings
User Auctions
Backorder Tools
Backorder
Backorder Auctions
Resources
Buying Domains
Selling Domains
Tools
Website Builder
Email
Logo Maker
SSL
Security
Reseller Program
Support
Help Center
Help Files
Forums
Account Manager Request
Support Tools
Contact Us
Support Tickets
Report Abuse
Report Bugs
Feature Requests
Resources
Manage Your Portfolio
Resources
Dynadot Blog
Newsletters
Payment Methods
Payment Options
Prepay
Learning
Domain Name Basics Guide
Domain Investing Guide
Affiliate
General Affiliate Program
Reseller Program
Reseller Program
Copyright © 2002-2025 Dynadot LLC. All rights reserved.
Domains
Find Your Domain
Search
Transfer
TLD
Tools
Aftermarket
Manage Your Portfolio
Search
Expired Domains
User Listings
Backorder Tools
Resources
Tools
Resources
Resources
Payment Methods
Learning
Affiliate
Reseller
Support
Help Center
Support Tools
Are you sure you want to close the chat?Chat will be closed and the chat history will be cleared.
continue to sign out,
or stay on chat.
To review this chat session please click this windows.
Chat Online
Chat Online0
Privacy Notice
Your use of this website is subject to our Terms of Use. We may process the following information about you: Google referral sources, page visits, country, IP address, domain searches and associated TLD rankings, single sign-on (Open ID), forum views, chats, account creation, order placement and form submissions. The purposes for this processing include: troubleshooting errors, abuse detection, targeted marketing, localizing data, site and usage statistics and communication with you. This is necessary for the proper provisioning of the services in this website. Your continued use of this website constitutes your implied consent for this processing.
Support

Forum

A place for Dynadot and community experts alike to ask questions, share ideas, and more.
Gain Access to Domains at DynaDot!
Posted By k_kkkkkkkk_us
1/14/2007 14:43
http://www.berlettefx.com/2007/01/5/exploiting-dynadot/
Reply Quote
Posted By kate
1/18/2007 03:15
For the record it's not just Dynadot, many other registrar sites are set up the same way. There is nothing wrong with it as long as adequate filters (ie. restrict to domains you own) are in place.
Reply Quote
Posted By hekler
1/15/2007 01:56
I saw the original message about 4 weeks ago. If you change the ID number in the URL to one of your other ID numbers it will show that domain.

BUT this is the thing it will only do it with your own domains not another accounts. That's how the original fool found it by changing the ID number in the URL to one of his other domain ID's. Of course being such a bright spark (yeah right) he did not think that this may not work with someone else's domain ID's.  Having 3 accounts I checked the cross account reading and it just does not work.
Reply Quote
Posted By teamdynadot
1/14/2007 20:06
This supposed exploit has been circulating around the web for a few weeks now. We were not able to reproduce it. We have received no complaints of domains being stolen this entire time.
Reply Quote
Posted By raph
1/14/2007 19:20
That's what I thought - It would be a pretty basic mistake to make to allow everyone access to each other's domains...
Reply Quote
Posted By hekler
1/14/2007 18:39
Hi Raph. The fault never really existed


[This post has been edited by e_h_rochedale south_au on Jan 14, 2007 6:39pm.]
Reply Quote
Posted By hekler
1/14/2007 18:38
First thing is - are you a fool or what? Why would you make a thing like this public - even though you are and the author are quite wrong.

You can change the domain id number to another one YOU have access to BUT NOT to someone elses.

You probably think we all got delivered by the stork as well
Reply Quote
Posted By raph
1/14/2007 18:38
As far as I can tell, this has been fixed... Is that correct? When I tried entering a domain ID for a domain that wasn't in my account, I was redirected back to my list of domains.
Reply Quote
Newsletter sign-up
Download the app:
Copyright © 2002-2025 Dynadot Inc. All rights reserved. Privacy PolicyTerms of UseRegistrant Educational InformationRegistrants Benefits and Responsibilities