航空安全之海南航空DNS域传送漏洞#2 | wooyun-2015-0148654| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0148654

漏洞标题：航空安全之海南航空DNS域传送漏洞#2

漏洞作者： harbour_bin

提交时间：2015-10-22 17:22

修复时间：2015-12-07 08:58

公开时间：2015-12-07 08:58

漏洞类型：重要敏感信息泄露

危害等级：中

自评Rank：10

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-10-22：细节已通知厂商并且等待厂商处理中
2015-10-23：厂商已经确认，细节仅向厂商公开
2015-11-02：细节向核心白帽子及相关领域专家公开
2015-11-12：细节向普通白帽子公开
2015-11-22：细节向实习白帽子公开
2015-12-07：细节向公众公开

简要描述：

RT
赶紧测试了其他的DNS服务器, 又发现一处, 赶紧的吧！

详细说明：

另外一处, IP地址不一样.

> server ns2.hnair.com
默认服务器:  ns2.hnair.com
Address:  221.11.139.153
> ls -d hnair.com

漏洞证明：

> server ns2.hnair.com
默认服务器:  ns2.hnair.com
Address:  221.11.139.153
> ls -d hnair.com
[ns2.hnair.com]
 hnair.com.                     SOA    ns1.hnair.com hostmaster.ns1.hnair.com. (
2014031205 28800 7200 604800 86400)
 hnair.com.                     NS     ns1.hnair.com
 hnair.com.                     NS     ns2.hnair.com
 hnair.com.                     A      114.251.242.10
 hnair.com.                     A      1.202.236.138
 hnair.com.                     MX     10   Edge.hnair.com
 hnair.com.                     MX     15   edgebj.hnair.com
 biz                            A      122.119.114.17
 uat-hnass                      A      114.251.242.106
 smtp                           A      202.100.200.45
 smtp                           A      221.11.139.145
 ecargo                         A      202.100.226.70
 ecargo                         A      221.11.139.135
 bigip                          A      202.100.226.85
 bigip                          A      221.11.139.159
 wwwakamai                      A      114.251.242.10
 wwwakamai                      A      1.202.236.138
 hna-technik                    A      202.100.200.76
 hna-technik                    A      221.11.139.213
 sftp                           A      202.100.226.89
 sftp                           A      221.11.139.149
 flysafety                      A      202.100.203.92
 crl                            A      114.251.242.66
 crl                            A      1.202.236.194
 eterm                          A      202.100.200.43
 gcl_test                       A      202.100.226.84
 gcl_test                       A      221.11.139.142
 pachna                         A      113.59.108.82
 pachna                         A      202.100.226.160
 conference                     A      221.11.139.133
 meijia                         A      202.100.226.85
 meijia                         A      221.11.139.159
 cargo                          A      202.100.226.79
 cargo                          A      221.11.139.201
 syismtp                        A      123.124.170.122
 vpnbj                          A      220.194.19.208
 m                              A      202.100.200.92
 m                              A      221.11.139.229
 global                         A      82.150.228.78
 ru.global                      A      82.150.227.38
 fr.global                      A      82.150.227.38
 de.global                      A      82.150.227.38
 www.qa.global                  A      82.150.231.14
 kr.global                      A      82.150.227.38
 tw.global                      A      82.150.227.38
 www.global                     A      82.150.227.38
 ffp.global                     A      203.105.33.190
 srm                            A      202.100.226.94
 booking                        A      202.100.226.76
 booking                        A      221.11.139.137
 gziptest                       A      114.251.242.92
 gziptest                       A      1.202.236.219
 zzgq                           A      113.59.108.95
 zzgq                           A      202.100.226.170
 uat-pay-hnass                  A      114.251.242.106
 cuxiao                         A      124.42.34.68
 wechat                         A      114.251.242.165
 wechat                         A      1.202.236.182
 taocaile                       A      202.100.200.93
 taocaile                       A      221.11.139.227
 mail                           A      114.251.242.124
 mail                           A      1.202.236.252
 mail                           A      1.202.236.247
 mail                           A      114.251.242.119
 usmtp                          A      123.124.170.2
 qa                             A      82.150.226.122
 bms                            A      202.100.226.84
 bms                            A      221.11.139.142
 bj                             A      202.99.11.14
 ticket                         A      202.100.200.35
 ticket                         A      221.11.139.140
 ismtp                          A      202.100.200.45
 ismtp                          A      202.100.200.202
 ismtp                          A      202.100.226.81
 ismtp                          A      202.100.226.90
 ismtp                          A      221.11.139.145
 ismtp                          A      221.11.139.158
 ismtp                          A      221.11.139.202
 ismtp                          A      221.11.139.162
 ismtp                          A      202.100.200.201
 ismtp                          A      221.11.139.196
 ismtp                          A      202.100.226.183
 ismtp                          A      113.59.108.108
 sso                            A      202.100.200.66
 sso                            A      221.11.139.198
 etermbj01                      A      114.251.242.100
 etermbj02                      A      123.124.170.70
 dialin                         A      113.59.108.103
 dialin                         A      202.100.226.178
 uat-pic-hnass                  A      114.251.242.106
 cd                             A      202.98.127.35
 ffpservice                     A      114.251.242.112
 ehomemobile                    A      202.100.226.87
 ehomemobile                    A      221.11.139.148
 photo                          A      202.100.226.68
 photo                          A      221.11.139.133
 meet                           A      113.59.108.103
 meet                           A      202.100.226.178
 efb                            A      202.100.200.83
 efb                            A      221.11.139.219
 webcheckin                     A      122.119.122.63
 gcl                            A      202.100.200.38
 gcl                            A      221.11.139.181
 pop3                           A      202.100.200.45
 pop3                           A      221.11.139.145
 flying                         A      202.100.226.87
 flying                         A      221.11.139.148
 sunclub                        A      202.100.200.41
 ffpakamai                      A      202.100.200.89
 ffpakamai                      A      221.11.139.225
 de                             A      114.251.242.28
 de                             A      1.202.236.156
 icc                            A      202.100.200.95
 icc                            A      221.11.139.230
 sitemap                        A      114.251.242.36
 sitemap                        A      1.202.236.164
 entest                         A      202.100.200.211
 entest                         A      202.100.226.85
 entest                         A      221.11.139.159
 entest                         A      221.11.139.177
 pay                            A      202.100.226.89
 pay                            A      221.11.139.149
 flight                         A      202.100.203.90
 qq                             A      119.147.14.182
 qq                             A      58.251.58.43
 hnadl                          A      202.100.200.99
 hnadl                          A      221.11.139.234
 lsapps                         A      114.251.242.94
 lsapps                         A      1.202.236.222
 cntest                         A      202.100.200.211
 cntest                         A      202.100.226.85
 cntest                         A      221.11.139.159
 cntest                         A      221.11.139.177
 hnaops1                        A      202.100.200.60
 pcm                            A      171.17.130.33
 wwwglobal                      A      82.150.227.38
 3g                             A      202.100.200.92
 3g                             A      221.11.139.229
 push.3g                        A      113.59.108.97
 push.3g                        A      202.100.226.172
 nv.3g                          A      202.100.200.196
 nv.3g                          A      221.11.139.165
 sh                             A      202.101.8.4
 hnas                           A      202.100.226.85
 hnas                           A      221.11.139.159
 ns1                            A      202.100.200.53
 ns2                            A      221.11.139.153
 ns3                            A      114.251.242.9
 tc                             A      123.124.170.53
 cfm-hnass                      A      114.251.242.106
 ns4                            A      1.202.236.136
 lyncdiscoverinternal           A      113.59.108.103
 lyncdiscoverinternal           A      202.100.226.178
 edge                           A      202.100.200.215
 edge                           A      221.11.139.193
 attorney                       A      202.100.200.37
 attorney                       A      221.11.139.161
 bigiptest                      A      202.100.200.206
 bigiptest                      A      221.11.139.186
 exbj                           A      114.251.242.119
 exbj                           A      1.202.236.247
 lyfepool01                     A      113.59.108.103
 lyfepool01                     A      202.100.226.178
 admin                          A      202.100.226.66
 admin                          A      221.11.139.166
 hnass                          A      114.251.242.106
 bsc                            A      113.59.108.82
 bsc                            A      202.100.226.160
 studentpilot                   A      114.251.242.121
 studentpilot                   A      1.202.236.249
 gcl_ship                       A      202.100.20.79
 gcl_ship                       A      221.11.139.214
 qunar                          A      59.151.16.185
 qunar                          A      59.151.16.186
 manual                         A      202.100.200.89
 manual                         A      221.11.139.225
 et                             A      122.119.114.17
 sip                            A      202.100.226.176
 sip                            A      113.59.108.100
 mobile                         A      202.100.226.92
 mobile                         A      221.11.139.143
 ftpgcb                         A      202.100.226.77
 ftpgcb                         A      221.11.139.138
 miaosha                        A      122.119.122.51
 manage                         A      122.119.114.20
 gca-technik                    A      221.11.139.213
 gca-technik                    A      202.100.200.76
 sz                             A      202.96.140.3
 ccar147                        A      202.100.200.69
 lyncfe                         A      113.59.108.103
 lyncfe                         A      202.100.226.178
 trip                           A      202.100.200.96
 trip                           A      221.11.139.231
 scconsole1                     A      202.100.200.212
 scconsole1                     A      221.11.139.180
 pay-hnass                      A      114.251.242.106
 flynet                         A      114.251.242.20
 flynet                         A      1.202.236.157
 3gservice                      A      202.100.200.214
 3gservice                      A      221.11.139.189
 scconsole2                     A      202.100.200.212
 scconsole2                     A      221.11.139.180
 vns                            A      202.100.200.50
 vns                            A      221.11.139.150
 cma                            A      202.100.200.41
 cma                            A      221.11.139.207
 yhjp                           A      113.59.108.92
 yhjp                           A      202.100.226.167
 pic-hnass                      A      114.251.242.106
 us                             A      114.251.242.28
 us                             A      1.202.236.156
 ddm                            A      114.251.242.94
 ddm                            A      1.202.236.222
 hk                             A      202.82.191.179
 opcfltws                       A      202.100.200.87
 opcfltws                       A      221.11.139.223
 gt                             A      202.100.200.44
 gt                             A      221.11.139.156
 edgebj                         A      114.251.242.11
 edgebj                         A      1.202.236.139
 wh                             A      202.103.14.40
 wsmtp                          A      221.11.139.172
 wsmtp                          A      221.11.137.193
 xa                             A      61.134.3.140
 vpn                            A      202.100.200.47
 vpn                            A      221.11.139.147
 xb                             A      114.251.242.107
 xb                             A      1.202.236.235
 lyncdiscover                   A      113.59.108.103
 lyncdiscover                   A      202.100.226.178
 opcflt                         A      114.251.242.43
 opcflt                         A      1.202.236.163
 cncvpn                         A      221.11.137.193
 gsmtp                          A      202.100.200.60
 im                             A      202.100.200.195
 im                             A      221.11.139.209
 office                         A      113.59.108.102
 office                         A      202.100.226.177
 mobile-www1                    A      202.100.200.212
 eterm2                         A      202.100.200.197
 msn                            A      202.100.200.36
 msn                            A      221.11.139.160
 hbdt                           A      114.251.242.90
 hbdt                           A      1.202.236.217
 edge2                          A      202.100.200.60
 edge2                          A      221.11.139.131
 app                            A      114.251.242.145
 app                            A      1.202.236.243
 wx                             A      114.251.242.165
 wx                             A      1.202.236.182
 lsapl                          A      114.251.242.94
 lsapl                          A      1.202.236.222
 staffcard                      A      202.100.200.76
 staffcard                      A      221.11.139.213
 wx1                            A      114.251.242.163
 apps                           A      202.100.226.80
 apps                           A      221.11.139.141
 mcloud                         A      114.251.242.175
 mcloud                         A      1.202.236.222
 agentclub                      A      202.100.200.37
 agentclub                      A      221.11.139.161
 barracuda                      A      202.100.200.215
 barracuda                      A      221.11.139.193
 holiday                        A      113.59.108.85
 holiday                        A      202.100.226.163
 chenfeng                       A      202.100.200.39
 chenfeng                       A      221.11.139.139
 test1                          CNAME  test1.hnair.com.chinacache.net
 mobilehnasis                   A      221.11.139.173
 mobilehnasis                   A      202.100.200.209
 lk                             A      202.100.200.212
 lk                             A      221.11.139.180
 photoes                        A      202.100.200.57
 photoes                        A      221.11.139.157
 test2                          A      202.100.200.221
 test2                          A      221.11.139.254
 testtaocaile                   A      202.100.200.94
 testtaocaile                   A      221.11.139.226
 ftp                            A      202.100.200.57
 ftp                            A      221.11.139.157
 weixin                         A      114.251.242.165
 weixin                         A      1.202.236.182
 agent                          A      122.119.114.17
 test                           A      202.100.200.87
 test                           A      221.11.139.223
 www.test                       A      202.100.226.74
 www.test                       A      221.11.139.168
 ffptest                        A      202.100.200.207
 ffptest                        A      221.11.139.186
 hnair.com.                     SOA    ns1.hnair.com hostmaster.ns1.hnair.com. (
2014031205 28800 7200 604800 86400)
>

修复方案：

...
RT:如果审核觉得麻烦, 我觉得合并也行的, 麻烦了

版权声明：转载请注明来源 harbour_bin@乌云

漏洞回应

厂商回应：

危害等级：低

漏洞Rank：5

确认时间：2015-10-23 08:56

厂商回复：

谢谢，我们将立即安排整改

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0148654

漏洞标题：航空安全之海南航空DNS域传送漏洞#2

相关厂商：海南航空

漏洞作者： harbour_bin

提交时间：2015-10-22 17:22

修复时间：2015-12-07 08:58

公开时间：2015-12-07 08:58

漏洞类型：重要敏感信息泄露

危害等级：中

自评Rank：10

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 harbour_bin@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评价

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0148654

漏洞标题：航空安全之海南航空DNS域传送漏洞#2

相关厂商：海南航空

漏洞作者： harbour_bin

提交时间：2015-10-22 17:22

修复时间：2015-12-07 08:58

公开时间：2015-12-07 08:58

漏洞类型：重要敏感信息泄露

危害等级：中

自评Rank：10

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0148654"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 harbour_bin@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评价

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：