Security engineer Dylan Saccomanni recently found a cross-site request forgery (CSRF) vulnerability in the GoDaddy domain management console. An attacker who exploits the vulnerability can take control of domain names that a user has registered with GoDaddy. GoDaddy is the world's largest domain name provider, with a thirty percent share of the global domain name market.
Saccomanni found the vulnerability on January 17 while managing a domain. An attacker could exploit the vulnerability to edit the domain's nameserver settings, change the automatic update settings, or edit the domain's content.
Cross-site request forgery is similar to cross-site scripting (XSS) vulnerabilities, and most of the time these vulnerabilities have to be combined with some form of deception or social engineering to cause harm. But because this vulnerability involves domain name management, it is relatively serious. An attacker can use the cross-site request forgery (CSRF) vulnerability to take control of a domain name without the user's knowledge.
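The following added example (not from the original article and not GoDaddy's code) contrasts a state-changing handler that trusts the session cookie alone with one that also requires a session-bound token, the server-side check that stops a forged cross-site request. The handler names, form fields and session value are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical names throughout; this is not GoDaddy's code or request format.
SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, never sent to clients


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; the site embeds it in its own forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def save_nameservers_unchecked(session_id, form):
    """Vulnerable pattern: a valid session cookie alone authorizes the change."""
    if session_id is None:
        return 401
    return 200  # the nameserver change would be applied here


def save_nameservers_checked(session_id, form):
    """Hardened pattern: also require a token a third-party page cannot read."""
    if session_id is None:
        return 401
    supplied = form.get("csrf_token", "").encode()
    expected = issue_csrf_token(session_id).encode()
    if not hmac.compare_digest(supplied, expected):
        return 403  # request did not originate from the site's own form
    return 200


def demo():
    session = "constructed-session-id"  # constructed sample value
    # The browser attaches the session cookie to a cross-site request
    # automatically, but the forging page has no way to learn the token.
    forged = {"nameserver1": "ns1.example.net"}
    genuine = dict(forged, csrf_token=issue_csrf_token(session))
    return {
        "unchecked_forged": save_nameservers_unchecked(session, forged),
        "checked_forged": save_nameservers_checked(session, forged),
        "checked_genuine": save_nameservers_checked(session, genuine),
    }


if __name__ == "__main__":
    print(demo())
```
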
Below is a POST request that saves the nameserver settings: