
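Vulnerability summary

Bug ID: wooyun-2011-02131

Title: 皮皮网 DNS zone transfer

Vendor: 皮皮网

Author: 云士

Submitted: 2011-05-18 11:55

Fixed: 2011-05-23 12:00

Disclosed: 2011-05-23 12:00

Vulnerability type: sensitive network information disclosure

Severity: medium

Self-assessed rank: 10

Status: the vendor has been notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help, contact [email protected]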


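Vulnerability details

Disclosure status:

2011-05-18: Details sent to the vendor; waiting for the vendor to respond
2011-05-23: The vendor chose to ignore the vulnerability; details released to the public

Brief description:

pipi.cn is vulnerable to DNS zone transfer.

Detailed description:

ns.pipi.cn and ns.ppfilm.cn have a problem that allows DNS zone transfers.

Proof of vulnerability: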


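Fix:

Copyright notice: when reposting, please credit the source 云士@WooYun


Vulnerability response

Vendor response:

Severity: no impact, ignored by vendor

Ignored on: 2011-05-23 12:00

Vendor reply:

Vulnerability rank: 7 (WooYun assessment)

Latest status:

2011-05-23: Thanks for the reminder; this has been improved. For safety's sake, could the specific IP information be removed? Or could only the first few lines be shown?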