漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2010-0837
漏洞标题:pplive dns域传送漏洞
相关厂商:pplive
漏洞作者: xiao.D
提交时间:2010-11-15 17:04
修复时间:2010-11-16 10:47
公开时间:2010-11-16 10:47
漏洞类型:网络敏感信息泄漏
危害等级:中
自评Rank:10
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2010-11-15: 积极联系厂商并且等待厂商认领中,细节不对外公开
2010-11-16: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
pplive dns域传送漏洞
详细说明:
由于pplive Dns服务器配置不当,导致所有域名dns泄露,可能引起进一步的入侵
漏洞证明:
> server dns2.pplive.com
Default Server: dns2.pplive.com
Address: 61.155.8.22
> ls pplive.com
[dns2.pplive.com]
pplive.com. NS server = dns1.pplive.co
pplive.com. NS server = dns2.pplive.co
pplive.com. A 59.151.34.25
114 A 60.28.216.213
mail.ads A 114.80.105.131
adtracker A 60.28.216.195
afvm A 59.151.34.52
awind A 61.155.8.17
bbox A 61.155.8.18
bbs A 121.11.252.149
beauty A 61.155.8.18
bkm A 221.204.241.105
caipiao A 60.28.216.195
campus2008 A 59.151.34.10
chinajoy A 59.151.34.33
christmas A 60.28.216.195
chunwan A 61.155.166.49
cms3 A 114.80.105.201
cms4 A 114.80.105.202
coh-sc A 60.28.216.195
cool A 60.235.21.31
cooperation A 60.28.216.145
crash A 220.165.14.11
crr A 221.204.241.85
das A 59.151.34.10
demo3 A 114.80.105.201
dns1 A 59.151.34.45
dns2 A 61.155.8.22
dns4 A 58.211.1.207
dns5 A 59.151.34.34
dns6 A 61.155.8.13
eshop A 61.155.8.5
fglady A 61.155.8.18
g A 60.28.216.195
s1.coh.g A 58.215.91.108
JL1.g A 61.160.192.205
jl2.g A 61.160.192.15
jl3.g A 61.160.192.205
pay.lc.g A 121.9.210.165
修复方案:
设定安全的区域传送或者禁用区域传送
版权声明:转载请注明来源 xiao.D@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝
漏洞Rank:5 (WooYun评价)