台湾飞翔骆驼商城存在dns域传送漏洞大量域名指向外泄

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-096309

漏洞标题：台湾飞翔骆驼商城存在dns域传送漏洞大量域名指向外泄

漏洞作者：路人甲

提交时间：2015-02-11 11:40

修复时间：2015-03-28 11:40

公开时间：2015-03-28 11:40

漏洞类型：系统/服务运维配置不当

危害等级：中

自评Rank：10

漏洞状态：已交由第三方合作机构(Hitcon台湾互联网漏洞报告平台)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-02-11：细节已通知厂商并且等待厂商处理中
2015-02-15：厂商已经确认，细节仅向厂商公开
2015-02-25：细节向核心白帽子及相关领域专家公开
2015-03-07：细节向普通白帽子公开
2015-03-17：细节向实习白帽子公开
2015-03-28：细节向公众公开

简要描述：

店铺数量：15193
商品数量：1451658

详细说明：

1.地址：
http://www.aircamel.com.tw/
2.首页：

3.外泄域名指向：

; <<>> DiG 9.8.3-P1 <<>> @ns2.aircamel.com.tw. axfr aircamel.com.tw
; (1 server found)
;; global options: +cmd
aircamel.com.tw.	2592000	IN	SOA	ns.aircamel.com.tw. root.aircamel.com.tw. 2014010901 38400 10800 604800 38400
aircamel.com.tw.	2592000	IN	NS	ns.aircamel.com.tw.
aircamel.com.tw.	2592000	IN	NS	ns2.aircamel.com.tw.
aircamel.com.tw.	2592000	IN	A	61.31.237.1
aircamel.com.tw.	2592000	IN	MX	10 mail.aircamel.com.tw.
aircamel.com.tw.	2592000	IN	MX	20 mail2.aircamel.com.tw.
aircamel.com.tw.	2592000	IN	MX	30 edm.aircamel.com.tw.
aircamel.com.tw.	2592000	IN	TXT	"v=spf1 a mx ~all"
aircamel.com.tw.	2592000	IN	TXT	"v=spf1 a mx include:aircamel.com.tw include:aircamel.com.tw ~all"
*.aircamel.com.tw.	2592000	IN	A	61.31.237.1
17240game.aircamel.com.tw. 2592000 IN	CNAME	www.17240game.com.
_domainkey.aircamel.com.tw. 2592000 IN	TXT	"t=y"
default._domainkey.aircamel.com.tw. 2592000 IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDClgINATEtOfSohQM+0h0tOIvX/LcST4zc/FgEFnnJD/Q4xSWOCqhoZ6GG9Ocn903t8aPE7jW7wiMkNSG2wmbU1WEmlVTfEDZUuXg0bazUttv0gXSmwk/NQTNb+HUMNJIzIi56y/2LCrXSyuO6zSQI0wPHhQZ359dBJkLfX9mmmwIDAQAB"
edmdkim._domainkey.aircamel.com.tw. 2592000 IN TXT "v=DKIM1\; r=postmaster\; g=*\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCoa9AONxfXkZz1/H32tld+mTzabQ4Mf/xIqVcy7Miy4HUIBKhKe5FOAJwBlpPv+hQDH0M7IcJr/Lz55fPARdqBF/LgdWuKBoFLVPtITkChukqqsahpim0cr8bQamqvbWPpbviKDpL0aZz1zR17RQxkY2fPxZbpOSfpyU6W073SQIDAQAB"
key1._domainkey.aircamel.com.tw. 2592000 IN TXT	"v=DKIM1\; g=*\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNDGOY+OrRFnJUTkCiTmRDy/W4FO97HPYqmKUcTrfEGiIgr6tad5liuz3VFgEDRABN3DwwsUC38fI0wXN+qPm6Emycr1nGThiAiZQftrN2WsCeDkjAQUH30tALLMdLfQPEaXCwqFgfuKkpcB5maQ4zy5kM948ODhWK9+TDj0vRPwIDAQAB"
mail._domainkey.aircamel.com.tw. 2592000 IN TXT	"g=\; k=rsa\; t=y\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcX47OKrRherQy1yzaE6Zjnw0+GNzMertRjNVmgvqmbtky07XCkSeTQh6T8N0mwQG70k8wNxlRwuacsSsyRDnawR7/NhaPmamBgojRn81fRSQCA8YKRoCtg+YVY31jZT/g+5VFuEM1Ty7a/oGhM+9yMqe/qX5N7+mOVt6TDhYXHQIDAQAB"
api.aircamel.com.tw.	2592000	IN	A	61.31.237.4
cn.aircamel.com.tw.	2592000	IN	A	61.31.237.17
*.cn.aircamel.com.tw.	2592000	IN	A	61.31.237.17
cndev.aircamel.com.tw.	2592000	IN	A	61.31.237.97
*.cndev.aircamel.com.tw. 2592000 IN	A	61.31.237.97
www.cndev.aircamel.com.tw. 2592000 IN	A	61.31.237.97
cnstable.aircamel.com.tw. 2592000 IN	A	61.31.237.19
*.cnstable.aircamel.com.tw. 2592000 IN	A	61.31.237.19
www.cnstable.aircamel.com.tw. 2592000 IN A	61.31.237.19
dev.aircamel.com.tw.	2592000	IN	A	61.31.237.97
*.dev.aircamel.com.tw.	2592000	IN	A	61.31.237.97
www.dev.aircamel.com.tw. 2592000 IN	A	61.31.237.97
edm.aircamel.com.tw.	2592000	IN	TXT	"v=spf1 a -all"
edm.aircamel.com.tw.	2592000	IN	A	61.31.237.35
event.aircamel.com.tw.	2592000	IN	A	61.31.237.5
forum.aircamel.com.tw.	2592000	IN	A	61.31.237.1
goods.aircamel.com.tw.	2592000	IN	A	61.31.237.1
idolstar.aircamel.com.tw. 2592000 IN	A	61.31.237.5
img.aircamel.com.tw.	2592000	IN	A	61.31.237.3
mail.aircamel.com.tw.	2592000	IN	TXT	"v=spf1 a -all"
mail.aircamel.com.tw.	2592000	IN	TXT	"v=spf1 ip4:202.153.188.11/32 ~all"
mail.aircamel.com.tw.	2592000	IN	A	61.31.237.31
mail2.aircamel.com.tw.	2592000	IN	TXT	"v=spf1 a -all"
mail2.aircamel.com.tw.	2592000	IN	A	61.31.237.241
member.aircamel.com.tw.	2592000	IN	A	61.31.237.1
ns.aircamel.com.tw.	2592000	IN	A	61.31.237.31
ns2.aircamel.com.tw.	2592000	IN	A	61.31.237.32
payment.aircamel.com.tw. 2592000 IN	A	61.31.237.40
shipment.aircamel.com.tw. 2592000 IN	A	61.31.237.40
stable.aircamel.com.tw.	2592000	IN	A	61.31.237.19
*.stable.aircamel.com.tw. 2592000 IN	A	61.31.237.19
www.stable.aircamel.com.tw. 2592000 IN	A	61.31.237.19
staff.aircamel.com.tw.	2592000	IN	A	61.31.237.152
store.aircamel.com.tw.	2592000	IN	A	61.31.237.1
tesr.aircamel.com.tw.	2592000	IN	A	61.31.237.38
upload.aircamel.com.tw.	2592000	IN	A	61.31.237.2
www.aircamel.com.tw.	2592000	IN	A	61.31.237.1
aircamel.com.tw.	2592000	IN	SOA	ns.aircamel.com.tw. root.aircamel.com.tw. 2014010901 38400 10800 604800 38400
;; Query time: 198 msec
;; SERVER: 61.31.237.32#53(61.31.237.32)
;; WHEN: Fri Feb  6 22:30:04 2015
;; XFR size: 54 records (messages 1, bytes 2248)

漏洞证明：

1.地址：
http://www.aircamel.com.tw/
2.首页：

3.外泄域名指向：

; <<>> DiG 9.8.3-P1 <<>> @ns2.aircamel.com.tw. axfr aircamel.com.tw
; (1 server found)
;; global options: +cmd
aircamel.com.tw.	2592000	IN	SOA	ns.aircamel.com.tw. root.aircamel.com.tw. 2014010901 38400 10800 604800 38400
aircamel.com.tw.	2592000	IN	NS	ns.aircamel.com.tw.
aircamel.com.tw.	2592000	IN	NS	ns2.aircamel.com.tw.
aircamel.com.tw.	2592000	IN	A	61.31.237.1
aircamel.com.tw.	2592000	IN	MX	10 mail.aircamel.com.tw.
aircamel.com.tw.	2592000	IN	MX	20 mail2.aircamel.com.tw.
aircamel.com.tw.	2592000	IN	MX	30 edm.aircamel.com.tw.
aircamel.com.tw.	2592000	IN	TXT	"v=spf1 a mx ~all"
aircamel.com.tw.	2592000	IN	TXT	"v=spf1 a mx include:aircamel.com.tw include:aircamel.com.tw ~all"
*.aircamel.com.tw.	2592000	IN	A	61.31.237.1
17240game.aircamel.com.tw. 2592000 IN	CNAME	www.17240game.com.
_domainkey.aircamel.com.tw. 2592000 IN	TXT	"t=y"
default._domainkey.aircamel.com.tw. 2592000 IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDClgINATEtOfSohQM+0h0tOIvX/LcST4zc/FgEFnnJD/Q4xSWOCqhoZ6GG9Ocn903t8aPE7jW7wiMkNSG2wmbU1WEmlVTfEDZUuXg0bazUttv0gXSmwk/NQTNb+HUMNJIzIi56y/2LCrXSyuO6zSQI0wPHhQZ359dBJkLfX9mmmwIDAQAB"
edmdkim._domainkey.aircamel.com.tw. 2592000 IN TXT "v=DKIM1\; r=postmaster\; g=*\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCoa9AONxfXkZz1/H32tld+mTzabQ4Mf/xIqVcy7Miy4HUIBKhKe5FOAJwBlpPv+hQDH0M7IcJr/Lz55fPARdqBF/LgdWuKBoFLVPtITkChukqqsahpim0cr8bQamqvbWPpbviKDpL0aZz1zR17RQxkY2fPxZbpOSfpyU6W073SQIDAQAB"
key1._domainkey.aircamel.com.tw. 2592000 IN TXT	"v=DKIM1\; g=*\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNDGOY+OrRFnJUTkCiTmRDy/W4FO97HPYqmKUcTrfEGiIgr6tad5liuz3VFgEDRABN3DwwsUC38fI0wXN+qPm6Emycr1nGThiAiZQftrN2WsCeDkjAQUH30tALLMdLfQPEaXCwqFgfuKkpcB5maQ4zy5kM948ODhWK9+TDj0vRPwIDAQAB"
mail._domainkey.aircamel.com.tw. 2592000 IN TXT	"g=\; k=rsa\; t=y\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcX47OKrRherQy1yzaE6Zjnw0+GNzMertRjNVmgvqmbtky07XCkSeTQh6T8N0mwQG70k8wNxlRwuacsSsyRDnawR7/NhaPmamBgojRn81fRSQCA8YKRoCtg+YVY31jZT/g+5VFuEM1Ty7a/oGhM+9yMqe/qX5N7+mOVt6TDhYXHQIDAQAB"
api.aircamel.com.tw.	2592000	IN	A	61.31.237.4
cn.aircamel.com.tw.	2592000	IN	A	61.31.237.17
*.cn.aircamel.com.tw.	2592000	IN	A	61.31.237.17
cndev.aircamel.com.tw.	2592000	IN	A	61.31.237.97
*.cndev.aircamel.com.tw. 2592000 IN	A	61.31.237.97
www.cndev.aircamel.com.tw. 2592000 IN	A	61.31.237.97
cnstable.aircamel.com.tw. 2592000 IN	A	61.31.237.19
*.cnstable.aircamel.com.tw. 2592000 IN	A	61.31.237.19
www.cnstable.aircamel.com.tw. 2592000 IN A	61.31.237.19
dev.aircamel.com.tw.	2592000	IN	A	61.31.237.97
*.dev.aircamel.com.tw.	2592000	IN	A	61.31.237.97
www.dev.aircamel.com.tw. 2592000 IN	A	61.31.237.97
edm.aircamel.com.tw.	2592000	IN	TXT	"v=spf1 a -all"
edm.aircamel.com.tw.	2592000	IN	A	61.31.237.35
event.aircamel.com.tw.	2592000	IN	A	61.31.237.5
forum.aircamel.com.tw.	2592000	IN	A	61.31.237.1
goods.aircamel.com.tw.	2592000	IN	A	61.31.237.1
idolstar.aircamel.com.tw. 2592000 IN	A	61.31.237.5
img.aircamel.com.tw.	2592000	IN	A	61.31.237.3
mail.aircamel.com.tw.	2592000	IN	TXT	"v=spf1 a -all"
mail.aircamel.com.tw.	2592000	IN	TXT	"v=spf1 ip4:202.153.188.11/32 ~all"
mail.aircamel.com.tw.	2592000	IN	A	61.31.237.31
mail2.aircamel.com.tw.	2592000	IN	TXT	"v=spf1 a -all"
mail2.aircamel.com.tw.	2592000	IN	A	61.31.237.241
member.aircamel.com.tw.	2592000	IN	A	61.31.237.1
ns.aircamel.com.tw.	2592000	IN	A	61.31.237.31
ns2.aircamel.com.tw.	2592000	IN	A	61.31.237.32
payment.aircamel.com.tw. 2592000 IN	A	61.31.237.40
shipment.aircamel.com.tw. 2592000 IN	A	61.31.237.40
stable.aircamel.com.tw.	2592000	IN	A	61.31.237.19
*.stable.aircamel.com.tw. 2592000 IN	A	61.31.237.19
www.stable.aircamel.com.tw. 2592000 IN	A	61.31.237.19
staff.aircamel.com.tw.	2592000	IN	A	61.31.237.152
store.aircamel.com.tw.	2592000	IN	A	61.31.237.1
tesr.aircamel.com.tw.	2592000	IN	A	61.31.237.38
upload.aircamel.com.tw.	2592000	IN	A	61.31.237.2
www.aircamel.com.tw.	2592000	IN	A	61.31.237.1
aircamel.com.tw.	2592000	IN	SOA	ns.aircamel.com.tw. root.aircamel.com.tw. 2014010901 38400 10800 604800 38400
;; Query time: 198 msec
;; SERVER: 61.31.237.32#53(61.31.237.32)
;; WHEN: Fri Feb  6 22:30:04 2015
;; XFR size: 54 records (messages 1, bytes 2248)

修复方案：

限制访问

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：中

漏洞Rank：8

确认时间：2015-02-15 16:19

厂商回复：

謝謝通報

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-096309

漏洞标题：台湾飞翔骆驼商城存在dns域传送漏洞大量域名指向外泄

相关厂商：Hitcon台湾互联网漏洞报告平台

漏洞作者：路人甲

提交时间：2015-02-11 11:40

修复时间：2015-03-28 11:40

公开时间：2015-03-28 11:40

漏洞类型：系统/服务运维配置不当

危害等级：中

自评Rank：10

漏洞状态：已交由第三方合作机构(Hitcon台湾互联网漏洞报告平台)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-096309

漏洞标题：台湾飞翔骆驼商城存在dns域传送漏洞大量域名指向外泄

相关厂商：Hitcon台湾互联网漏洞报告平台

漏洞作者： 路人甲

提交时间：2015-02-11 11:40

修复时间：2015-03-28 11:40

公开时间：2015-03-28 11:40

漏洞类型：系统/服务运维配置不当

危害等级：中

自评Rank：10

漏洞状态：已交由第三方合作机构(Hitcon台湾互联网漏洞报告平台)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-096309"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云