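Vulnerability Summary

Bug ID: wooyun-2014-086344

Title: DNS zone transfer vulnerability on the official website of 沱沱工社

Vendor: tootoo.cn

Reported by: 路人甲

Submitted: 2014-12-08 12:37

Fixed: 2015-01-22 12:38

Published: 2015-01-22 12:38

Vulnerability type: System/service operations misconfiguration

Severity: Medium

Self-assessed Rank: 8

Status: Confirmed by the vendor

Source: http://www.wooyun.org. For questions or assistance, contact [email protected]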


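Vulnerability Details

Disclosure status:

2014-12-08: Details reported to the vendor; awaiting vendor action
2014-12-10: Vendor confirmed; details disclosed to the vendor only
2014-12-20: Details disclosed to core white hats and experts in related fields
2014-12-30: Details disclosed to regular white hats
2015-01-09: Details disclosed to intern white hats
2015-01-22: Details disclosed to the public

Brief description:

DNS zone transfer vulnerability.

Detailed description: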

> set type=ns
> tootoo.cn
服务器: xd-cache-1.bjtelecom.net
Address: 219.141.136.10
非权威应答:
tootoo.cn nameserver = ns0.whois-inc.net
tootoo.cn nameserver = ns.whois-inc.net
ns.whois-inc.net internet address = 124.42.15.8
ns0.whois-inc.net internet address = 119.254.17.
> server ns0.whois-inc.net
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
默认服务器: ns0.whois-inc.net
Address: 119.254.17.31
> ls tootoo.cn
[ns0.whois-inc.net]
tootoo.cn. NS server = ns.who
tootoo.cn. NS server = ns0.wh

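Proof of vulnerability:

[Image: 临时.jpg]

Remediation:

For the fix, please refer to http://www.myhack58.com/Article/html/3/62/2013/38149_2.htm

Copyright notice: please credit the source when reposting: 路人甲@乌云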
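
An added configuration example, not part of the original report or the vendor's setup: one way to close an open zone transfer, assuming the authoritative servers run BIND 9. The zone name example.com, the 192.0.2.53 address, the file path and the key name xfer-key are placeholders.

```conf
// Constructed BIND 9 named.conf fragments (assumption: the servers run BIND 9).
// These are alternative fragments for comparison, not one combined file.

// --- Weak: any client may pull the complete zone ---
zone "example.com" {
    type master;
    file "zones/db.example.com";
    allow-transfer { any; };
};

// --- Corrected, on the primary ---
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";  // placeholder; generate with tsig-keygen
};

options {
    allow-transfer { none; };             // deny transfers for every zone by default
};

zone "example.com" {
    type master;
    file "zones/db.example.com";
    // Only requests signed with the shared TSIG key receive the zone.
    allow-transfer { key "xfer-key"; };
};

// --- Corrected, on each secondary ---
// Same key "xfer-key" statement as on the primary, then:
server 192.0.2.53 {                       // placeholder primary address
    keys { "xfer-key"; };                 // sign requests sent to the primary
};

zone "example.com" {
    type slave;
    masters { 192.0.2.53; };
    file "zones/db.example.com";
    allow-transfer { none; };             // secondaries serve transfers to nobody
};
```

After reloading the configuration, repeating the `ls` request from the report against each of your own nameservers, from a host without the key, should no longer return the zone. Check every server listed in the NS records, since a single permissive secondary exposes the same data.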


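Vulnerability Response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2014-12-10 10:01

Vendor reply:

Thanks, a fix has been submitted.

Latest status:

None yet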
