现在我也不知道这频道发了啥了，各位慢慢吃瓜，将就着看联系我请去 @abc1763613206友链儿@cyberElaina@rvalue_daily@billchenlahttps://channel.0w0.besthttps://channel.0w0.best/posts/5555https://channel.0w0.best/posts/5555Fri, 20 Sep 2024 02:55:54 GMT研究者发现自己可以注册一些 TLD 的旧 Whois 服务域名，并利用其获得 TLD 下非由自己控制域名的 TLS 证书。<br /><br />- watchTowr 的研究人员发现 .mobi 的旧 whois 服务域名过期，因而购买了此域名并在原有域名上架设了 whois 服务。<br />- 研究人员发现 CA 服务 GlobalSign 允许使用 whois 记录中的邮箱作为验证邮箱，并且仍使用旧 whois 服务域名进行证书注册相关查证，因此可以为他们所用来申请任意 .mobi 域名的 TLS 证书。<br /><br /><a href="https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/" target="_blank">labs.watchtowr.com/~</a><br />seealso: <a href="https://news.ycombinator.com/item?id=41510252" target="_blank">HackerNews:41510252</a><br /><br /><a href="/search/%23Whois">#Whois</a> <a href="/search/%23MOBI">#MOBI</a> <a href="/search/%23PKI">#PKI</a><a href="https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/" target="_blank"> <div>watchTowr Labs</div> <img class="link_preview_image" alt="We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI" src="/static/https://cdn4.telesco.pe/file/pT3VwLDHEGNrNXrofirS_5dCQUOWamAFOL1lczOYuvk-MYLG8vLAVfiI-Auyg7oElhKm1LakvqgsgHxb3_J6qObEs5PWQzniazn6fa9v0J-Tywy1tjZTGwopBEFafNOwFQwYbdEJUv_XYpVMskHTTUzO7CNIEbQn1n7y98YRhmJ5yghp-uV-QC9Wc2V4QxelaNa2IObwUALODvjjfwZZ4884b2GC8JQIwOFMzlO_bObCnz_la6dy_1REOobfjahHqYI7uiXVb0oljrewFKPrOhV6Yqe8JQU91QXfl5YYcpSFYE6RfKvX072kZ4CzMvKRpDlpLz801cjCuXWxMZApCw.jpg" loading="lazy" /> <div>We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI</div> <div>Welcome back to another watchTowr Labs blog. Brace yourselves, this is one of our most astounding discoveries.<br /><br /><br />Summary<br /><br />What started out as a bit of fun between colleagues while avoiding the Vegas heat and $20 bottles of water in our Black Hat hotel rooms…</div> </a>