台湾ettoday新闻云dns域传送漏洞 | wooyun-2015-0107110| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0107110

漏洞标题：台湾ettoday新闻云dns域传送漏洞

漏洞作者：路人甲

提交时间：2015-04-13 17:56

修复时间：2015-06-01 22:58

公开时间：2015-06-01 22:58

漏洞类型：系统/服务运维配置不当

危害等级：中

自评Rank：10

漏洞状态：已交由第三方合作机构(Hitcon台湾互联网漏洞报告平台)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-04-13：细节已通知厂商并且等待厂商处理中
2015-04-17：厂商已经确认，细节仅向厂商公开
2015-04-27：细节向核心白帽子及相关领域专家公开
2015-05-07：细节向普通白帽子公开
2015-05-17：细节向实习白帽子公开
2015-06-01：细节向公众公开

简要描述：

哈哈，通过吧。。。。

详细说明：

0x1：dns传送漏洞地址：
http://www.ettoday.net/
0x2：
dns数据：

; <<>> DiG 9.8.3-P1 <<>> @ns1.ettoday.net. axfr ettoday.net
; (1 server found)
;; global options: +cmd
ettoday.net.		3600	IN	SOA	ns1.ettoday.net. admin.ettoday.net. 2015030501 10800 3600 1209600 38400
ettoday.net.		3600	IN	TXT	"v=spf1 ip4:219.85.79.135 include:_spf.google.com ~all"
ettoday.net.		3600	IN	MX	10 mail.ettoday.net.
ettoday.net.		3600	IN	MX	20 mail.ettoday.net.cn.
ettoday.net.		300	IN	A	219.85.79.131
ettoday.net.		3600	IN	NS	ns1.ettoday.net.
ettoday.net.		3600	IN	NS	ns2.ettoday.net.
ad.ettoday.net.		3600	IN	A	219.85.79.136
admin.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
buy.ettoday.net.	3600	IN	A	219.85.79.138
cache.ettoday.net.	3600	IN	CNAME	static.ettoday.net.
cacti.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
citytalk.ettoday.net.	3600	IN	CNAME	ettoday.citytalk.tw.
clock.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
developer.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
editor.ettoday.net.	3600	IN	A	219.85.79.133
editor1.ettoday.net.	3600	IN	CNAME	ns1.ettoday.net.
ftp.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
game.ettoday.net.	3600	IN	CNAME	www.ettoday.net.
hr.ettoday.net.		3600	IN	CNAME	office1.ettoday.net.
idc.ettoday.net.	3600	IN	CNAME	vpn.ettoday.net.
imap.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
ldap.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
life.ettoday.net.	3600	IN	CNAME	www.ettoday.net.
lifeeditor.ettoday.net.	3600	IN	CNAME	ns1.ettoday.net.
m.ettoday.net.		3600	IN	A	219.85.79.137
mail.ettoday.net.	3600	IN	A	219.85.79.135
msg.ettoday.net.	3600	IN	CNAME	ad.ettoday.net.
nagios.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
news.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
nntp.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
ns1.ettoday.net.	3600	IN	A	219.85.79.134
ns2.ettoday.net.	3600	IN	A	219.85.79.135
office1.ettoday.net.	3600	IN	A	61.222.32.250
office2.ettoday.net.	3600	IN	A	27.105.104.4
office3.ettoday.net.	3600	IN	A	124.219.71.64
office4.ettoday.net.	3600	IN	A	211.23.144.91
pics.ettoday.net.	3600	IN	CNAME	static.ettoday.net.
pop3.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
postfix.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
redmine.ettoday.net.	3600	IN	A	124.219.71.68
shopping.ettoday.net.	3600	IN	A	219.85.79.145
smtp.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
st.ettoday.net.		3600	IN	CNAME	buy.ettoday.net.
static.ettoday.net.	3600	IN	A	219.85.79.132
test.ettoday.net.	3600	IN	CNAME	ns1.ettoday.net.
time.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
travel.ettoday.net.	3600	IN	CNAME	static.ettoday.net.
upload.ettoday.net.	3600	IN	A	219.85.79.139
vpn.ettoday.net.	3600	IN	A	219.85.79.157
weibo.ettoday.net.	3600	IN	CNAME	tw.weibo.com.
www.ettoday.net.	3600	IN	A	219.85.79.131
xc.ettoday.net.		3600	IN	A	219.85.79.144
xc1.ettoday.net.	3600	IN	CNAME	xc.ettoday.net.
xc2.ettoday.net.	3600	IN	CNAME	xc.ettoday.net.
xmpp.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
xweibo.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
ettoday.net.		3600	IN	SOA	ns1.ettoday.net. admin.ettoday.net. 2015030501 10800 3600 1209600 38400
;; Query time: 127 msec
;; SERVER: 219.85.79.134#53(219.85.79.134)
;; WHEN: Fri Feb  6 11:15:24 2015
;; XFR size: 58 records (messages 1, bytes 1315)

漏洞证明：

0x1：dns传送漏洞地址：
http://www.ettoday.net/
0x2：
dns数据：

; <<>> DiG 9.8.3-P1 <<>> @ns1.ettoday.net. axfr ettoday.net
; (1 server found)
;; global options: +cmd
ettoday.net.		3600	IN	SOA	ns1.ettoday.net. admin.ettoday.net. 2015030501 10800 3600 1209600 38400
ettoday.net.		3600	IN	TXT	"v=spf1 ip4:219.85.79.135 include:_spf.google.com ~all"
ettoday.net.		3600	IN	MX	10 mail.ettoday.net.
ettoday.net.		3600	IN	MX	20 mail.ettoday.net.cn.
ettoday.net.		300	IN	A	219.85.79.131
ettoday.net.		3600	IN	NS	ns1.ettoday.net.
ettoday.net.		3600	IN	NS	ns2.ettoday.net.
ad.ettoday.net.		3600	IN	A	219.85.79.136
admin.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
buy.ettoday.net.	3600	IN	A	219.85.79.138
cache.ettoday.net.	3600	IN	CNAME	static.ettoday.net.
cacti.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
citytalk.ettoday.net.	3600	IN	CNAME	ettoday.citytalk.tw.
clock.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
developer.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
editor.ettoday.net.	3600	IN	A	219.85.79.133
editor1.ettoday.net.	3600	IN	CNAME	ns1.ettoday.net.
ftp.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
game.ettoday.net.	3600	IN	CNAME	www.ettoday.net.
hr.ettoday.net.		3600	IN	CNAME	office1.ettoday.net.
idc.ettoday.net.	3600	IN	CNAME	vpn.ettoday.net.
imap.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
ldap.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
life.ettoday.net.	3600	IN	CNAME	www.ettoday.net.
lifeeditor.ettoday.net.	3600	IN	CNAME	ns1.ettoday.net.
m.ettoday.net.		3600	IN	A	219.85.79.137
mail.ettoday.net.	3600	IN	A	219.85.79.135
msg.ettoday.net.	3600	IN	CNAME	ad.ettoday.net.
nagios.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
news.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
nntp.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
ns1.ettoday.net.	3600	IN	A	219.85.79.134
ns2.ettoday.net.	3600	IN	A	219.85.79.135
office1.ettoday.net.	3600	IN	A	61.222.32.250
office2.ettoday.net.	3600	IN	A	27.105.104.4
office3.ettoday.net.	3600	IN	A	124.219.71.64
office4.ettoday.net.	3600	IN	A	211.23.144.91
pics.ettoday.net.	3600	IN	CNAME	static.ettoday.net.
pop3.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
postfix.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
redmine.ettoday.net.	3600	IN	A	124.219.71.68
shopping.ettoday.net.	3600	IN	A	219.85.79.145
smtp.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
st.ettoday.net.		3600	IN	CNAME	buy.ettoday.net.
static.ettoday.net.	3600	IN	A	219.85.79.132
test.ettoday.net.	3600	IN	CNAME	ns1.ettoday.net.
time.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
travel.ettoday.net.	3600	IN	CNAME	static.ettoday.net.
upload.ettoday.net.	3600	IN	A	219.85.79.139
vpn.ettoday.net.	3600	IN	A	219.85.79.157
weibo.ettoday.net.	3600	IN	CNAME	tw.weibo.com.
www.ettoday.net.	3600	IN	A	219.85.79.131
xc.ettoday.net.		3600	IN	A	219.85.79.144
xc1.ettoday.net.	3600	IN	CNAME	xc.ettoday.net.
xc2.ettoday.net.	3600	IN	CNAME	xc.ettoday.net.
xmpp.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
xweibo.ettoday.net.	3600	IN	CNAME	ns2.ettoday.net.
ettoday.net.		3600	IN	SOA	ns1.ettoday.net. admin.ettoday.net. 2015030501 10800 3600 1209600 38400
;; Query time: 127 msec
;; SERVER: 219.85.79.134#53(219.85.79.134)
;; WHEN: Fri Feb  6 11:15:24 2015
;; XFR size: 58 records (messages 1, bytes 1315)

修复方案：

过滤

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：中

漏洞Rank：8

确认时间：2015-04-17 22:56

厂商回复：

感謝通報

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0107110

漏洞标题：台湾ettoday新闻云dns域传送漏洞

相关厂商：ettoday新闻云

漏洞作者：路人甲

提交时间：2015-04-13 17:56

修复时间：2015-06-01 22:58

公开时间：2015-06-01 22:58

漏洞类型：系统/服务运维配置不当

危害等级：中

自评Rank：10

漏洞状态：已交由第三方合作机构(Hitcon台湾互联网漏洞报告平台)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0107110

漏洞标题：台湾ettoday新闻云dns域传送漏洞

相关厂商：ettoday新闻云

漏洞作者： 路人甲

提交时间：2015-04-13 17:56

修复时间：2015-06-01 22:58

公开时间：2015-06-01 22:58

漏洞类型：系统/服务运维配置不当

危害等级：中

自评Rank：10

漏洞状态：已交由第三方合作机构(Hitcon台湾互联网漏洞报告平台)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0107110"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云