当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2011-02412

漏洞标题:豆丁网DNS域传送漏洞

相关厂商:豆丁网

漏洞作者: Mystery。

提交时间:2011-07-07 13:27

修复时间:2011-07-07 14:06

公开时间:2011-07-07 14:06

漏洞类型:网络敏感信息泄漏

危害等级:低

自评Rank:2

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2011-07-07: 积极联系厂商并且等待厂商认领中,细节不对外公开
2011-07-07: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

爆了。

详细说明:

漏洞证明:

- docin.com -----
Host's addresses:
__________________
docin.com 5 IN A 202.152.178.226
Name Servers:
______________
ns1.domainmonger.com 5 IN A 216.98.150.33
ns2.domainmonger.com 5 IN A 216.25.62.225
Mail (MX) Servers:
___________________
ASPMX.L.GOOGLE.com 5 IN A 209.85.225.27
ALT1.ASPMX.L.GOOGLE.com 5 IN A 74.125.67.27
ALT2.ASPMX.L.GOOGLE.com 5 IN A 74.125.93.27
ASPMX2.GOOGLEMAIL.com 5 IN A 74.125.43.27
ASPMX3.GOOGLEMAIL.com 5 IN A 72.14.213.27
ASPMX4.GOOGLEMAIL.com 5 IN A 209.85.229.27
ASPMX5.GOOGLEMAIL.com 5 IN A 74.125.157.27
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
Trying Zone Transfer for docin.com on ns2.domainmonger.com ...
docin.com 1200 IN SOA
docin.com 1200 IN NS
docin.com 1200 IN NS
docin.com 1200 IN A 202.152.178.226
docin.com 1200 IN MX
docin.com 1200 IN MX
docin.com 1200 IN MX
docin.com 1200 IN MX
docin.com 1200 IN MX
docin.com 1200 IN MX
docin.com 1200 IN MX
admin.docin.com 1200 IN A 116.213.76.131
renrenproxy.docin.com 1200 IN A 202.152.178.226
api.docin.com 1200 IN A 202.152.178.226
blog.docin.com 1200 IN A 116.213.76.134
cacti.docin.com 1200 IN A 116.213.76.134
img.docin.com 1200 IN A 116.213.76.134
mail.docin.com 1200 IN CNAME
www.docin.com 1200 IN A 202.152.178.226
shequ.docin.com 1200 IN A 202.152.178.226
trenrenproxy.docin.com 1200 IN A 116.213.76.131
upload.docin.com 1200 IN CNAME
tshequ.docin.com 1200 IN A 116.213.76.131
t.docin.com 1200 IN A 116.213.76.131
ns1.docin.com 1200 IN A 116.213.113.2
update.docin.com 1200 IN A 116.213.76.134
ns2.docin.com 1200 IN A 211.147.220.164
*.docin.com 1200 IN A 202.152.178.226
ns2.domainmonger.com Bind Version: 8.4.X
Trying Zone Transfer for docin.com on ns1.domainmonger.com ...
docin.com 1200 IN SOA
docin.com 1200 IN NS
docin.com 1200 IN NS
docin.com 1200 IN A 202.152.178.226
docin.com 1200 IN MX
docin.com 1200 IN MX
docin.com 1200 IN MX
docin.com 1200 IN MX
docin.com 1200 IN MX
docin.com 1200 IN MX
docin.com 1200 IN MX
admin.docin.com 1200 IN A 116.213.76.131
renrenproxy.docin.com 1200 IN A 202.152.178.226
api.docin.com 1200 IN A 202.152.178.226
blog.docin.com 1200 IN A 116.213.76.134
cacti.docin.com 1200 IN A 116.213.76.134
img.docin.com 1200 IN A 116.213.76.134
mail.docin.com 1200 IN CNAME
www.docin.com 1200 IN A 202.152.178.226
shequ.docin.com 1200 IN A 202.152.178.226
trenrenproxy.docin.com 1200 IN A 116.213.76.131
upload.docin.com 1200 IN CNAME
tshequ.docin.com 1200 IN A 116.213.76.131
t.docin.com 1200 IN A 116.213.76.131
ns1.docin.com 1200 IN A 116.213.113.2
update.docin.com 1200 IN A 116.213.76.134
ns2.docin.com 1200 IN A 211.147.220.164
*.docin.com 1200 IN A 202.152.178.226
ns1.domainmonger.com Bind Version: 8.4.X
Wildcards detected, all subdomains will point to the same IP address, bye.

修复方案:

版权声明:转载请注明来源 Mystery。@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞Rank:7 (WooYun评价)


漏洞评价:

评论

  1. 2011-07-07 14:13 | 晴天小铸 ( 普通白帽子 | Rank:106 漏洞数:31 | 退出黑客界的纠纷,低调求发展。)

    厂家NB

  2. 2011-07-07 14:27 | YesCK ( 路人 | Rank:10 漏洞数:4 | 90后安全爱好者,喜欢专研技术希望与大家交...)

    信息收集这块还不错,可以从分站下手。

  3. 2011-07-08 09:24 | 鬼色[N.S.T] ( 普通白帽子 | Rank:130 漏洞数:18 | 雷州半岛)

    最牛逼的就是路人甲了,从http://hi.baidu.com/akast/blog/item/efe517f83f2b8540242df26c.html这里转发的吧?

  4. 2011-07-08 11:11 | 晴天小铸 ( 普通白帽子 | Rank:106 漏洞数:31 | 退出黑客界的纠纷,低调求发展。)

    偷东西的路人甲 晕了

  5. 2012-07-24 13:47 | Mystery。 ( 路人 | Rank:7 漏洞数:1 | 路人甲抄袭个漏洞换邀请码。)

    - -。其实我是骗邀请码的