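Vulnerability details
Disclosure status:
2011-01-28: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed publicly
2011-01-28: The vendor has actively ignored the vulnerability; details are disclosed to the public
Brief description:
The DNS servers ns1.5617.com and ns2.5617.com used by 网游网 (www.5617.com) are misconfigured, which allows a remote attacker to list every domain name held on the DNS servers and further widen the scope of attack.
A further reminder:
I suggest that webmasters look into the security of a third-party DNS provider's servers before moving their domains to it. In my earlier report, "时代互联 DNS vulnerability and web absolute-path disclosure", all domains hosted on 时代互联's DNS seemed to have the DNS zone transfer problem, for example: pfj.cn
Detailed description:
See the proof of vulnerability
Proof of vulnerability: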
... there are too many, so I won't list them all.
Fix:
You know.
Copyright notice: please credit the source when reposting: F.One.S@乌云
Vulnerability response
Vendor response:
Unable to contact the vendor, or the vendor actively refused
Vulnerability Rank: 10 (WooYun rating)
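
The misconfiguration reported above is a name server that answers zone transfer requests from anyone. The following is an added example, not part of the original report: a configuration audit that flags zones whose transfers are unrestricted. It assumes BIND-style `named.conf` syntax (the report does not name the server software); `SAMPLE_CONF`, `audit` and the zone names are hypothetical.

```python
import re

# Constructed sample in BIND named.conf syntax. BIND is an assumption: the
# report does not say which DNS server software the name servers ran.
SAMPLE_CONF = """
options { directory "/var/named"; };
zone "open.example" { type master; file "open.zone"; };
zone "any.example" { type master; file "any.zone"; allow-transfer { any; }; };
zone "locked.example" {
    type master; file "locked.zone";
    allow-transfer { 192.0.2.53; key "xfer-key"; };
};
zone "slave.example" { type slave; masters { 192.0.2.1; }; allow-transfer { none; }; };
"""

def _block(text, start):
    """Return the brace-balanced body that opens at text[start] == '{'."""
    depth = 0
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start + 1:i]
    raise ValueError("unbalanced braces")

def _acl(body):
    """Return the allow-transfer entries set in a block, or None if unset."""
    m = re.search(r"\ballow-transfer\s*\{", body)
    if not m:
        return None
    return [e.strip() for e in _block(body, m.end() - 1).split(";") if e.strip()]

def audit(conf):
    """Map each zone name to 'open' or 'restricted' for zone transfers."""
    conf = re.sub(r"(//|#)[^\n]*", "", conf)  # drop line comments
    opt = re.search(r"\boptions\s*\{", conf)
    default = _acl(_block(conf, opt.end() - 1)) if opt else None
    result = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        acl = _acl(_block(conf, m.end() - 1))
        if acl is None:
            acl = default  # the zone inherits the options-level setting
        # Audit assumption: an unset ACL counts as open, the same as "any".
        is_open = acl is None or "any" in acl
        result[m.group(1)] = "open" if is_open else "restricted"
    return result

if __name__ == "__main__":
    for zone, state in audit(SAMPLE_CONF).items():
        print(f"{zone}: {state}")
```

A zone reported as open should get an explicit `allow-transfer` that lists only its secondary name servers, or `none` where no secondaries pull from that server.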