某圖書館全球資訊網dns域传送漏洞导致域名指向泄露 | wooyun-2015-096345

漏洞概要关注数(24) 关注此漏洞

缺陷编号：

wooyun-2015-096345

漏洞标题：

某圖書館全球資訊網dns域传送漏洞导致域名指向泄露

漏洞详情

披露状态：

2015-02-11：细节已通知厂商并且等待厂商处理中
2015-02-15：厂商已经确认，细节仅向厂商公开
2015-02-25：细节向核心白帽子及相关领域专家公开
2015-03-07：细节向普通白帽子公开
2015-03-17：细节向实习白帽子公开
2015-03-28：细节向公众公开

简要描述：

某圖書館全球資訊網

详细说明：

1.URL：
國家圖書館全球資訊網
http://www.ncl.edu.tw/
2.首页：

3.指向信息；看人家都用上ipv6了解析了，唉唉唉唉。。。。什么样的节奏。。。。

; <<>> DiG 9.8.3-P1 <<>> @ncldns2.ncl.edu.tw. axfr ncl.edu.tw
; (1 server found)
;; global options: +cmd
ncl.edu.tw.		1800	IN	SOA	ncldns1.ncl.edu.tw. root.ncl.edu.tw. 2015012801 1800 900 2419200 10800
ncl.edu.tw.		1800	IN	MX	10 mg.ncl.edu.tw.
ncl.edu.tw.		1800	IN	MX	10 mg2.ncl.edu.tw.
ncl.edu.tw.		1800	IN	MX	20 msg.ncl.edu.tw.
ncl.edu.tw.		1800	IN	NS	ncldns1.ncl.edu.tw.
ncl.edu.tw.		1800	IN	NS	ncldns2.ncl.edu.tw.
100read.ncl.edu.tw.	1800	IN	CNAME	4thldt.ncl.edu.tw.
101read.ncl.edu.tw.	1800	IN	A	192.83.186.120
102read.ncl.edu.tw.	1800	IN	A	192.83.186.120
103read.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:120
103read.ncl.edu.tw.	1800	IN	A	192.83.186.120
104read.ncl.edu.tw.	1800	IN	A	192.83.186.120
4thldt.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:120
4thldt.ncl.edu.tw.	1800	IN	A	192.83.186.120
80th.ncl.edu.tw.	1800	IN	A	192.83.186.151
aac.ncl.edu.tw.		1800	IN	A	192.192.58.168
activity.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::58:168
activity.ncl.edu.tw.	1800	IN	A	192.192.58.168
aledo.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:59
aledo.ncl.edu.tw.	1800	IN	A	192.83.186.59
alereg.ncl.edu.tw.	1800	IN	A	192.83.186.57
aleweb.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:102
aleweb.ncl.edu.tw.	1800	IN	A	192.83.186.61
ariel.ncl.edu.tw.	1800	IN	A	192.83.186.7
art.ncl.edu.tw.		1800	IN	A	192.83.186.80
atm.ncl.edu.tw.		1800	IN	AAAA	2001:288:105:1::186:69
atm.ncl.edu.tw.		1800	IN	A	192.83.186.69
biep.ncl.edu.tw.	1800	IN	A	192.192.58.245
blog.ncl.edu.tw.	1800	IN	CNAME	aac.ncl.edu.tw.
books80.ncl.edu.tw.	1800	IN	CNAME	ccs.ncl.edu.tw.
bsc.ncl.edu.tw.		1800	IN	CNAME	twinfo.ncl.edu.tw.
caj.ncl.edu.tw.		1800	IN	A	192.83.186.79
card.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:31
card.ncl.edu.tw.	1800	IN	A	192.83.186.151
catbase.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:205
catbase.ncl.edu.tw.	1800	IN	A	192.83.186.205
catbase2.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:93
catbase2.ncl.edu.tw.	1800	IN	A	192.83.186.93
catld.ncl.edu.tw.	1800	IN	A	192.83.186.12
catweb.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:85
catweb.ncl.edu.tw.	1800	IN	A	192.83.186.85
cccii.ncl.edu.tw.	1800	IN	CNAME	w1.ncl.edu.tw.
ccdscr.ncl.edu.tw.	1800	IN	A	192.83.186.131
ccs.ncl.edu.tw.		1800	IN	AAAA	2001:288:105:1::58:120
ccs.ncl.edu.tw.		1800	IN	A	192.192.58.120
ccs30.ncl.edu.tw.	1800	IN	A	192.192.58.120
ccsdb.ncl.edu.tw.	1800	IN	A	192.192.58.121
cdlink.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:151
cdlink.ncl.edu.tw.	1800	IN	A	192.83.186.151
chinesestudy.ncl.edu.tw. 1800	IN	A	192.192.58.120
chinovel.ncl.edu.tw.	1800	IN	CNAME	4thldt.ncl.edu.tw.
cloud.ncl.edu.tw.	1800	IN	CNAME	ndltdcc.ncl.edu.tw.
corejournal.ncl.edu.tw.	1800	IN	CNAME	w1.ncl.edu.tw.
cu.ncl.edu.tw.		1800	IN	A	192.192.58.166
cus.ncl.edu.tw.		1800	IN	AAAA	2001:288:105:1::186:87
cus.ncl.edu.tw.		1800	IN	A	192.83.186.87
datas2.ncl.edu.tw.	1800	IN	A	192.192.58.83
dava.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::58:117
dava.ncl.edu.tw.	1800	IN	A	192.192.58.117
dbdata.ncl.edu.tw.	1800	IN	A	192.83.186.211
drama.ncl.edu.tw.	1800	IN	CNAME	folklore.ncl.edu.tw.
dynixipac.ncl.edu.tw.	1800	IN	A	192.192.58.228
ebook.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:135
ebook.ncl.edu.tw.	1800	IN	A	192.83.186.135
ebookadmin.ncl.edu.tw.	1800	IN	A	192.83.186.136
ebookdemo.ncl.edu.tw.	1800	IN	A	192.83.186.151
ebooktest.ncl.edu.tw.	1800	IN	A	192.83.186.137
edb.ncl.edu.tw.		1800	IN	A	192.192.58.94
edba.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::58:93
edba.ncl.edu.tw.	1800	IN	A	192.83.186.151
edba172.ncl.edu.tw.	1800	IN	A	192.83.186.172
enews.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:67
enews.ncl.edu.tw.	1800	IN	A	192.83.186.151
eps.ncl.edu.tw.		1800	IN	A	192.83.186.20
ereading.ncl.edu.tw.	1800	IN	A	192.83.186.17
esource.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:20
esource.ncl.edu.tw.	1800	IN	A	192.83.186.151
etds.ncl.edu.tw.	1800	IN	CNAME	ndltd.ncl.edu.tw.
eui.ncl.edu.tw.		1800	IN	CNAME	twinfo.ncl.edu.tw.
findit.ncl.edu.tw.	1800	IN	A	192.83.186.58
folklore.ncl.edu.tw.	1800	IN	A	192.192.58.112
folklore.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::58:112
funbook.ncl.edu.tw.	1800	IN	A	192.83.186.172
funnpl.ncl.edu.tw.	1800	IN	CNAME	funbook.ncl.edu.tw.
gaz.ncl.edu.tw.		1800	IN	AAAA	2001:288:105:1::186:39
gaz.ncl.edu.tw.		1800	IN	A	192.83.186.39
hakka.ncl.edu.tw.	1800	IN	A	192.192.58.156
hakkalib.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::58:156
hakkalib.ncl.edu.tw.	1800	IN	A	192.192.58.156
handle.ncl.edu.tw.	1800	IN	A	192.83.186.112
Image4.ncl.edu.tw.	1800	IN	A	192.83.186.83
Image5.ncl.edu.tw.	1800	IN	A	192.192.58.111
img1.ncl.edu.tw.	1800	IN	A	192.192.58.84
img2.ncl.edu.tw.	1800	IN	A	192.192.58.99
incl.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:231
incl.ncl.edu.tw.	1800	IN	A	192.83.186.231
inclintra.ncl.edu.tw.	1800	IN	A	192.83.186.163
inclsys.ncl.edu.tw.	1800	IN	A	192.83.186.237
isbn.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::58:162
isbn.ncl.edu.tw.	1800	IN	A	192.192.58.162
isbnapp.ncl.edu.tw.	1800	IN	A	192.192.58.161
isbnfax.ncl.edu.tw.	1800	IN	A	192.192.58.253
isearch.ncl.edu.tw.	1800	IN	A	192.83.186.238
isrc.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:65
isrc.ncl.edu.tw.	1800	IN	A	192.83.186.151
issn.ncl.edu.tw.	1800	IN	CNAME	w1.ncl.edu.tw.
issr.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:160
issr.ncl.edu.tw.	1800	IN	A	192.83.186.160
km.ncl.edu.tw.		1800	IN	CNAME	incl.ncl.edu.tw.
kmsys.ncl.edu.tw.	1800	IN	A	192.83.186.28
lib.ncl.edu.tw.		1800	IN	A	192.83.186.151
libstat.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:33
libstat.ncl.edu.tw.	1800	IN	A	192.83.186.33
lit.ncl.edu.tw.		1800	IN	AAAA	2001:288:105:1::58:200
lit.ncl.edu.tw.		1800	IN	A	192.192.58.200
localdap.ncl.edu.tw.	1800	IN	CNAME	twinfo.ncl.edu.tw.
localdoc.ncl.edu.tw.	1800	IN	A	192.83.186.225
localhost.ncl.edu.tw.	1800	IN	A	127.0.0.1
m2k1.ncl.edu.tw.	1800	IN	A	192.83.186.31
magazine.ncl.edu.tw.	1800	IN	A	202.3.172.185
manu.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:203
manu.ncl.edu.tw.	1800	IN	A	192.83.186.203
marc.ncl.edu.tw.	1800	IN	CNAME	sun5000.ncl.edu.tw.
mcu.ncl.edu.tw.		1800	IN	A	192.83.186.86
mdava.ncl.edu.tw.	1800	IN	A	192.83.186.155
memory.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:225
memory.ncl.edu.tw.	1800	IN	A	192.83.186.225
metadata.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::7:6
metadata.ncl.edu.tw.	1800	IN	A	192.83.186.180
metanbi.ncl.edu.tw.	1800	IN	A	192.83.186.171
mg.ncl.edu.tw.		1800	IN	A	192.83.186.217
mg2.ncl.edu.tw.		1800	IN	AAAA	2001:288:105:1::186:212
mg2.ncl.edu.tw.		1800	IN	A	192.83.186.212
mr.ncl.edu.tw.		1800	IN	A	192.192.58.98
msg.ncl.edu.tw.		1800	IN	MX	10 mg.ncl.edu.tw.
msg.ncl.edu.tw.		1800	IN	MX	10 mg2.ncl.edu.tw.
msg.ncl.edu.tw.		1800	IN	MX	20 msg.ncl.edu.tw.
msg.ncl.edu.tw.		1800	IN	AAAA	2001:288:105:1::186:214
msg.ncl.edu.tw.		1800	IN	A	192.83.186.214
msg33.ncl.edu.tw.	1800	IN	A	192.192.58.33
nbi1.ncl.edu.tw.	1800	IN	A	192.83.186.101
nbi2.ncl.edu.tw.	1800	IN	A	192.83.186.102
nbinet.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:182
nbinet.ncl.edu.tw.	1800	IN	A	192.83.186.182
nbinet3.ncl.edu.tw.	1800	IN	A	192.83.186.170
nbiqc.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::7:2
nbiqc.ncl.edu.tw.	1800	IN	A	192.192.58.151
nbisso.ncl.edu.tw.	1800	IN	A	192.83.186.139
ncl3550.ncl.edu.tw.	1800	IN	A	192.83.186.3
nclact.ncl.edu.tw.	1800	IN	A	192.83.186.30
nclcc.ncl.edu.tw.	1800	IN	A	192.83.186.213
ncldns1.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::58:70
ncldns1.ncl.edu.tw.	1800	IN	A	192.192.58.70
ncldns2.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:212
ncldns2.ncl.edu.tw.	1800	IN	A	192.83.186.212
nclsearch.ncl.edu.tw.	1800	IN	A	192.83.186.22
nclsys.ncl.edu.tw.	1800	IN	A	192.83.186.28
ncr3350.ncl.edu.tw.	1800	IN	A	192.83.186.114
ndltd.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:62
ndltd.ncl.edu.tw.	1800	IN	A	192.83.186.62
ndltdcc.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:64
ndltdcc.ncl.edu.tw.	1800	IN	A	192.83.186.64
net04.ncl.edu.tw.	1800	IN	A	192.83.186.4
netflow.ncl.edu.tw.	1800	IN	CNAME	net04.ncl.edu.tw.
news.ncl.edu.tw.	1800	IN	A	192.192.58.96
news8080.ncl.edu.tw.	1800	IN	A	192.192.58.96
newsdb.ncl.edu.tw.	1800	IN	A	192.83.186.215
nmail1.ncl.edu.tw.	1800	IN	A	192.83.186.38
perio.ncl.edu.tw.	1800	IN	A	192.83.186.118
r6sp.ncl.edu.tw.	1800	IN	A	192.83.186.1
rarebook.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::58:242
rarebook.ncl.edu.tw.	1800	IN	A	192.192.58.242
rbook2.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:126
rbook2.ncl.edu.tw.	1800	IN	A	192.83.186.126
read.ncl.edu.tw.	1800	IN	A	192.83.186.115
readncl.ncl.edu.tw.	1800	IN	CNAME	read.ncl.edu.tw.
readopac.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::58:101
readopac.ncl.edu.tw.	1800	IN	A	192.192.58.101
readopac1.ncl.edu.tw.	1800	IN	A	192.83.186.101
readopac2.ncl.edu.tw.	1800	IN	A	192.83.186.128
readopac3.ncl.edu.tw.	1800	IN	A	192.192.58.196
readtwyl.ncl.edu.tw.	1800	IN	CNAME	w1.ncl.edu.tw.
ref.ncl.edu.tw.		1800	IN	AAAA	2001:288:105:1::58:111
ref.ncl.edu.tw.		1800	IN	A	192.192.58.111
refbook.ncl.edu.tw.	1800	IN	CNAME	folklore.ncl.edu.tw.
reffaq.ncl.edu.tw.	1800	IN	CNAME	vrt.ncl.edu.tw.
refreg.ncl.edu.tw.	1800	IN	CNAME	vrt.ncl.edu.tw.
rrc.ncl.edu.tw.		1800	IN	A	192.83.186.120
s50.ncl.edu.tw.		1800	IN	A	192.83.186.2
scc.ncl.edu.tw.		1800	IN	AAAA	2001:288:105:1::186:32
scc.ncl.edu.tw.		1800	IN	A	192.83.186.32
sgp.ncl.edu.tw.		1800	IN	CNAME	twinfo.ncl.edu.tw.
sod.ncl.edu.tw.		1800	IN	A	192.83.186.240
sodsys.ncl.edu.tw.	1800	IN	CNAME	inclsys.ncl.edu.tw.
spreserve.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:120
spreserve.ncl.edu.tw.	1800	IN	A	192.83.186.120
sr.ncl.edu.tw.		1800	IN	AAAA	2001:288:105:1::186:120
sr.ncl.edu.tw.		1800	IN	A	192.83.186.120
sso.ncl.edu.tw.		1800	IN	A	192.83.186.234
stat.ncl.edu.tw.	1800	IN	CNAME	twinfo.ncl.edu.tw.
streaming.ncl.edu.tw.	1800	IN	A	192.192.58.167
study.ncl.edu.tw.	1800	IN	CNAME	aac.ncl.edu.tw.
studyroom.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:7
studyroom.ncl.edu.tw.	1800	IN	A	192.83.186.7
sun5000.ncl.edu.tw.	1800	IN	A	192.192.58.101
sutdyroom.ncl.edu.tw.	1800	IN	CNAME	w1.ncl.edu.tw.
tainews.ncl.edu.tw.	1800	IN	A	192.192.58.97
taipeidoc.ncl.edu.tw.	1800	IN	A	192.83.186.225
tair.ncl.edu.tw.	1800	IN	CNAME	folklore.ncl.edu.tw.
taiwanfellowship.ncl.edu.tw. 1800 IN	CNAME	ccs30.ncl.edu.tw.
tbmc.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::58:94
tbmc.ncl.edu.tw.	1800	IN	A	192.192.58.94
tci.ncl.edu.tw.		1800	IN	AAAA	2001:288:105:1::186:15
tci.ncl.edu.tw.		1800	IN	A	192.83.186.15
tcihss.ncl.edu.tw.	1800	IN	A	192.83.186.15
tmdb.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:224
tmdb.ncl.edu.tw.	1800	IN	A	192.83.186.224
tnbnet.ncl.edu.tw.	1800	IN	A	192.192.58.247
tnbser.ncl.edu.tw.	1800	IN	A	192.192.58.246
topic.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:77
topic.ncl.edu.tw.	1800	IN	A	192.83.186.77
tps.ncl.edu.tw.		1800	IN	A	192.192.58.171
trccs.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::58:120
trccs.ncl.edu.tw.	1800	IN	A	192.192.58.120
trf.ncl.edu.tw.		1800	IN	AAAA	2001:288:105:1::186:120
trf.ncl.edu.tw.		1800	IN	A	192.83.186.120
trf2014.ncl.edu.tw.	1800	IN	A	192.83.186.120
trfv.ncl.edu.tw.	1800	IN	A	192.83.186.151
twcna.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:91
twcna.ncl.edu.tw.	1800	IN	A	192.83.186.91
twinfo.ncl.edu.tw.	1800	IN	A	192.83.186.39
twinfo2.ncl.edu.tw.	1800	IN	A	192.192.58.81
unicode.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:182
unicode.ncl.edu.tw.	1800	IN	A	192.83.186.182
union.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::58:93
union.ncl.edu.tw.	1800	IN	A	192.192.58.93
urica.ncl.edu.tw.	1800	IN	A	192.83.186.210
vod.ncl.edu.tw.		1800	IN	A	192.192.58.102
vr.ncl.edu.tw.		1800	IN	AAAA	2001:288:105:1::186:18
vr.ncl.edu.tw.		1800	IN	A	192.83.186.151
vrt.ncl.edu.tw.		1800	IN	A	192.192.58.111
w1.ncl.edu.tw.		1800	IN	A	192.83.186.7
web20.ncl.edu.tw.	1800	IN	A	192.192.58.154
webarchive.ncl.edu.tw.	1800	IN	AAAA	2001:288:105:1::186:35
webarchive.ncl.edu.tw.	1800	IN	A	192.83.186.151
webeng.ncl.edu.tw.	1800	IN	A	192.192.58.93
websearch.ncl.edu.tw.	1800	IN	CNAME	www.ncl.edu.tw.
wenhsun.ncl.edu.tw.	1800	IN	A	192.83.186.151
www.ncl.edu.tw.		1800	IN	AAAA	2001:288:105:1::186:29
www.ncl.edu.tw.		1800	IN	A	192.83.186.6
www2.ncl.edu.tw.	1800	IN	CNAME	www.ncl.edu.tw.
www2008.ncl.edu.tw.	1800	IN	A	192.83.186.30
wwworg.ncl.edu.tw.	1800	IN	A	192.83.186.206
ncl.edu.tw.		1800	IN	SOA	ncldns1.ncl.edu.tw. root.ncl.edu.tw. 2015012801 1800 900 2419200 10800
;; Query time: 1234 msec
;; SERVER: 192.83.186.212#53(192.83.186.212)
;; WHEN: Sun Feb  8 19:00:42 2015
;; XFR size: 254 records (messages 1, bytes 6006)

漏洞证明：

其他：

修复方案：

限制访问

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：中

漏洞Rank：8

确认时间：2015-02-15 16:24

厂商回复：

謝謝通報

WooYun.org

漏洞概要关注数(24) 关注此漏洞

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

版权声明：转载请注明来源路人甲@乌云