当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-098570

漏洞标题:transn传神DNS域传送漏洞

相关厂商:transn.com

漏洞作者: 小人物Reno

提交时间:2015-02-27 15:38

修复时间:2015-04-13 16:58

公开时间:2015-04-13 16:58

漏洞类型:敏感信息泄露

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-02-27: 细节已通知厂商并且等待厂商处理中
2015-02-27: 厂商已经确认,细节仅向厂商公开
2015-03-09: 细节向核心白帽子及相关领域专家公开
2015-03-19: 细节向普通白帽子公开
2015-03-29: 细节向实习白帽子公开
2015-04-13: 细节向公众公开

简要描述:

transn传神DNS域传送漏洞

详细说明:

新年快乐!

QQ截图20150227150329.png

漏洞证明:

QQ截图20150227150343.png


> ls -d transn.com
[dns1.xwatt.com]
transn.com. SOA dns1.xwatt.com root.xwatt.com. (20120806 1800 14400 180000 1800)
transn.com. A 59.151.103.78
transn.com. NS dns1.xwatt.com
transn.com. NS dns2.xwatt.com
transn.com. MX 4 mx01.263xmail.com
transn.com. MX 10 mxw.263xmail.com
transn.com. MX 36 ms12589786.msv1.invalid.outlook.com
a71log1 A 59.151.103.81
a76a A 59.151.103.81
accc497c5c7876e1760234015744c838 CNAME verify.wooyun.org
admin A 202.152.181.223
api A 59.151.103.78
b A 59.151.103.85
bbs A 10.0.6.81
bfsu A 59.151.103.80
bob A 59.151.103.82
bot A 42.96.191.50
business A 59.151.103.81
cat A 59.151.103.74
cccar A 202.98.19.161
cfg A 59.151.103.71
college A 59.151.103.74
crm A 123.127.98.23
demoa76a A 59.151.103.81
diaocha A 59.151.35.71
dict A 59.151.103.79
dictshow A 59.151.103.74
dns1 A 59.151.103.71
dns2 A 220.194.26.59
ecocity A 59.151.103.77
edu A 59.151.103.74
elp A 59.151.103.80
en A 10.0.6.22
entelp A 59.151.103.80
ezshop A 59.151.103.76
g2 A 10.0.110.12
gift A 59.151.103.81
group A 59.151.103.81
gw A 59.151.103.81
ina71log1 A 10.0.6.81
incfg A 10.0.6.71
inelp A 10.0.6.80
inlog1 A 10.0.6.79
intestelp A 10.0.6.80
intesttools A 10.0.6.71
intesttraining A 10.0.6.79
intools A 10.0.6.71
intraining A 10.0.6.74
inwww A 10.0.6.11
iolfile A 10.0.110.12
isc A 59.151.103.86
isc2012 A 220.249.123.34
itlp A 10.0.110.12
jinhua A 59.151.103.78
kjds A 42.96.191.50
kz A 59.151.103.78
l A 59.151.103.78
lein A 202.152.181.223
localhost A 127.0.0.1
log1 A 59.151.103.79
log2 A 10.0.0.107
log3 A 10.0.0.107
log4 A 10.0.0.107
log5 A 10.0.0.107
lv A 59.151.103.78
mail CNAME gmail.263.com
meeting A 211.150.76.64
mms A 59.151.103.81
mrb A 10.0.110.5
nankai A 59.151.103.74
news A 59.151.103.81
old A 59.151.103.81
old-online-test A 59.151.103.81
online-test A 59.151.103.86
party A 101.251.204.34
pinpai A 59.151.103.81
pop CNAME pop.263xmail.com
pop3 CNAME pop3.263xmail.com
s A 59.151.103.78
smtp CNAME smtp.263xmail.com
t A 59.151.103.78
tcat A 59.151.103.82
td A 59.151.103.81
td2 A 59.151.103.81
td3 A 59.151.103.81
tdcms A 59.151.103.81
techcenter A 59.151.103.81
testa76a A 59.151.103.81
testedu A 59.151.103.74
testelp A 59.151.103.80
testonline-test A 59.151.103.81
testpdol2-test A 59.151.103.81
testtools A 59.151.103.72
testtraining A 59.151.103.74
tools A 59.151.103.71
tp A 111.67.199.123
training A 59.151.103.74
translation A 182.92.236.44
transnfile A 59.151.35.93
u2 A 10.0.110.12
vipmail A 59.151.103.78
wb A 42.96.191.50
wb1 A 42.96.191.50
wbh A 59.151.103.78
we A 59.151.103.77
www A 59.151.103.78
www1 A 59.151.103.85
xuexi A 10.0.0.101
yiqu A 10.0.0.15
yy A 42.96.191.50
zhaobiao A 202.152.181.223
transn.com. SOA dns1.xwatt.com root.xwatt.com. (20120806 1800 14400 180000 1800)
>

修复方案:

null

版权声明:转载请注明来源 小人物Reno@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2015-02-27 16:02

厂商回复:

感谢

最新状态:

暂无


漏洞评价:

评论

  1. 2015-02-27 16:17 | 小人物Reno ( 普通白帽子 | Rank:471 漏洞数:32 | X)

    还有几处漏洞,我每次都忘记加上一起提交,Σ( ° △ °|||)︴,我记性太差了@传神

  2. 2015-07-16 19:22 | BashLinux ( 路人 | Rank:2 漏洞数:1 | 高价 长期收购SSH默认账号,密码,)

    @小人物Reno 大神,合作下QQ2094238760 答案1888