Vulnerability summary

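Bug ID: wooyun-2012-09618

Title: DNS zone transfer vulnerability in 巨鲸音乐网

Vendor: 巨鲸音乐网

Author: zhk

Submitted: 2012-07-13 18:57

Fix time: 2012-08-27 18:57

Public disclosure: 2012-08-27 18:57

Type: Disclosure of important sensitive information

Severity: Medium

Self-assessed Rank: 10

Status: Vendor could not be reached, or vendor actively ignored the report

Source: http://www.wooyun.org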


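Vulnerability details

Disclosure status:

2012-07-13: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public
2012-08-27: The vendor has actively ignored the vulnerability; details are disclosed to the public

Brief description:

DNS zone transfer vulnerability in 巨鲸音乐网

Detailed description: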

www.top100.cn

> ls -d top100.cn 
[dns.top100.cn]

Proof of vulnerability:

Remediation:

Modify the security settings

Copyright notice: when reposting, please credit the source zhk@乌云
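
The remediation above comes down to restricting which hosts may request a zone transfer. As an added example that is not part of the original report, this BIND 9 `named.conf` fragment shows a permissive setting of the kind that allows such a transfer beside a restricted one; BIND as the server software, the key name, the secret, the addresses and the file path are all assumptions or placeholders.

```conf
// Added example: BIND 9 named.conf fragment (server software is assumed).
// Key name, secret, addresses and file path are placeholders, not values
// taken from the report.

// Weak: any client that can reach TCP/53 may pull the whole zone (AXFR).
// zone "top100.cn" {
//     type master;
//     file "zones/top100.cn.db";        // placeholder path
//     allow-transfer { any; };
// };

// Hardened: refuse transfers server-wide, then open them per zone only to
// requests signed with a TSIG key shared with the secondary name servers.
key "xfer-key" {                          // placeholder key name
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";  // placeholder; generate with tsig-keygen
};

options {
    allow-transfer { none; };             // default for every zone
};

zone "top100.cn" {
    type master;
    file "zones/top100.cn.db";            // placeholder path
    allow-transfer { key "xfer-key"; };
    // Simpler alternative, by source address only (placeholder addresses):
    // allow-transfer { 192.0.2.2; 192.0.2.3; };
};
```

After reloading the server, a transfer request from any host that does not hold the key should be refused, while the secondaries (configured with the same key) continue to synchronise.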


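Vulnerability response

Vendor response:

Unable to contact the vendor, or the vendor actively declined


Vulnerability evaluation:

Comments

  1. 2012-08-28 06:00 | Vty ( Regular white hat | Rank:199 Vulnerabilities:37 )

    What DNS is good to test with?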