Vulnerability summary

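Bug ID: wooyun-2013-039704

Title: 金融界 # a DNS zone transfer vulnerability

Vendor: www.jrj.com.cn

Author: 爱上平顶山

Submitted: 2013-10-16 19:11

Fixed: 2013-11-30 19:12

Disclosed: 2013-11-30 19:12

Vulnerability type: System/service operations misconfiguration

Severity: Medium

Self-assessed Rank: 6

Status: Vendor could not be reached, or the vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]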

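Vulnerability details

Disclosure status:

2013-10-16: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public
2013-11-30: The vendor has actively ignored the vulnerability; details are disclosed to the public

Brief description:

0.0

Detailed description:

金融界 # a DNS zone transfer vulnerability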
C:\Users\Administrator>nslookup
默认服务器: google-public-dns-a.google.com
Address: 8.8.8.8
> set type=ns
> jrj.com.cn
服务器: google-public-dns-a.google.com
Address: 8.8.8.8
非权威应答:
jrj.com.cn nameserver = dns1.jrj.com.cn
jrj.com.cn nameserver = dns.jrj.com.cn
> server dns1.jrj.com.cn
默认服务器: dns1.jrj.com.cn
Address: 123.126.155.110
>ls jrj.com.cn (a great many records...)
>

Proof of vulnerability:

As above.

Fix:

Fix it.

Copyright notice: when reposting, please credit the source 爱上平顶山@乌云
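
One way to apply the fix on the authoritative servers, as an added example that is not part of the original report. It assumes the servers run BIND 9 (the report does not name the DNS software); the key name `xfr-key`, the secret placeholder and the zone file name are hypothetical.

```conf
// named.conf fragment (assumes BIND 9; added example, not from the report)

// BEFORE (weak): any client may pull the whole zone, which is what
// the `ls jrj.com.cn` session in the report relied on.
// options {
//     allow-transfer { any; };
// };

// AFTER (hardened): refuse transfers by default, then allow them only
// to secondaries that present a shared TSIG key.

// Hypothetical TSIG key shared with the secondary servers.
key "xfr-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   // placeholder; generate with tsig-keygen
};

options {
    allow-transfer { none; };   // default-deny for every zone
};

zone "jrj.com.cn" {
    type primary;               // "master" on older BIND 9 releases
    file "jrj.com.cn.zone";     // hypothetical zone file name
    allow-transfer { key "xfr-key"; };
};
```

After reloading the configuration, repeating the `ls jrj.com.cn` check from a host that does not hold the key should be refused by both listed nameservers.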


Vulnerability response

Vendor response:

The vendor could not be reached, or the vendor actively refused