This issue was discovered by accident: a friend had registered a domain name with an IDC and ran into a problem during point management. He had a link for the redirect, but this link could be changed at will. The link is as follows:
http://www.bkjia.com/apilogin.asp?d_name=[hide]&act=domainlogincontrolpanel&u_name=[hide]&checkTime=[hide]&checkSum=[hide]
The d_name parameter can be changed at will, and that is the vulnerability. As long as this link exists, domain names registered with this agent will suffer.
For example, my friend hijacked a website today ....
The cause of this vulnerability is also complex: logging on to the console requires data to be passed along in the request, and the user's md5str is transmitted with it. Developers should take this vulnerability into account, and it may be difficult to fix.
Solution:
Keep all of this data on the server and process it internally, including this transfer.
The server obtains the data internally (based on id = xxx), then determines the owner of the id, and checks the result returned on the server side. If the result is true, it generates a temporary code (usable only once) and redirects to the DNS console. This requires good integration between the DNS control platform and the IDC platform.
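A sketch of the fix described above, added here as an illustration and not taken from the IDC platform's code: the IDC side checks ownership against the logged-in session and issues a one-time code, and the DNS console redeems it. The function names, the sample ownership table, the 60-second lifetime and the in-memory store shared by both platforms are assumptions.

```python
import secrets
import time

# Constructed sample data: domain -> owning account (hypothetical).
DOMAIN_OWNERS = {"example.com": "alice", "example.org": "bob"}
TOKEN_TTL = 60   # seconds a code stays valid (assumed value)
_tokens = {}     # stands in for a store shared by the IDC and DNS platforms


def issue_handoff_token(session_user, domain, now=None):
    """IDC side. session_user comes from the authenticated session,
    never from a URL parameter such as d_name or u_name."""
    now = time.time() if now is None else now
    if DOMAIN_OWNERS.get(domain) != session_user:
        return None                      # not the owner: no redirect at all
    token = secrets.token_urlsafe(32)    # unguessable, carries no data itself
    _tokens[token] = (domain, session_user, now + TOKEN_TTL)
    return token


def redeem_handoff_token(token, now=None):
    """DNS console side. Returns (domain, user) once, then the code is dead."""
    now = time.time() if now is None else now
    entry = _tokens.pop(token, None)     # pop makes the code single-use
    if entry is None:
        return None
    domain, user, expiry = entry
    if now > expiry:
        return None                      # expired codes are rejected
    return domain, user


if __name__ == "__main__":
    code = issue_handoff_token("alice", "example.com")
    print("alice -> example.com:", redeem_handoff_token(code))
    print("replay of same code:", redeem_handoff_token(code))
    print("alice -> example.org:", issue_handoff_token("alice", "example.org"))
```

The redirect to the DNS console then carries only the code, so there is no domain name in the link left to edit.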
Source: network security technology blog (www.safe121.com)