Welcome to another watchTowr Labs blog post, where we dive into our recent discovery surrounding vulnerabilities in WHOIS clients. What started as a fun project led to us acquiring an expired WHOIS server domain, dotmobiregistry.net, and setting up a server to see who still interacted with it. The surprising results showed various entities like mail servers, cyber security tools, and Certificate Authorities still using this legacy domain. When we found out that CAs responsible for TLS/SSL certificates for major companies were using our server, we accidentally undermined the CA process for the .mobi TLD. Despite the interesting findings, we are exhausted by the unintended consequences. An adventure gone wrong indeed.
https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/