da_667 on Nostr: watchtowr is a consistently good source of write-ups for RCEs. Their quality and ...
watchtowr is a consistently good source of write-ups for RCEs. Their quality and shitposting is top-notch but this? This takes the cake.
https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/
TL;DR: They gained ownership of a former .mobi whois server domain and come to find that, actually, a lot of whois clients aren't updated very frequently. Even more fun is the ability to obtain rogue SSL certs from a variety of providers, since they can and will issue SSL certificates to the WHOIS email address for a domain.
https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/
TL;DR: They gained ownership of a former .mobi whois server domain and come to find that, actually, a lot of whois clients aren't updated very frequently. Even more fun is the ability to obtain rogue SSL certs from a variety of providers, since they can and will issue SSL certificates to the WHOIS email address for a domain.