漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0102672
漏洞标题:某大型网络商城主域名存在dns区域传送漏洞
相关厂商:m6go.com
漏洞作者: 路人甲
提交时间:2015-03-20 20:34
修复时间:2015-05-04 20:36
公开时间:2015-05-04 20:36
漏洞类型:网络敏感信息泄漏
危害等级:高
自评Rank:20
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-03-20: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-05-04: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
dns 区域传送漏洞
Dns是整个互联网公司业务的基础,目前越来越多的互联网公司开始自己搭建DNS服务器做解析服务,同时由于DNS服务是基础性服务非常重要,因此很多公司会对DNS服务器进行主备配置而DNS主备之间的数据同步就会用到dns域传送,但如果配置不当,就会导致任何匿名用户都可以获取DNS服务器某一域的所有记录,将整个企业的基础业务以及网络架构对外暴露从而造成严重的信息泄露,甚至导致企业网络被渗透。
详细说明:
Failed loading keyfile './.ssh/rootroot'
android@localhost's password:
Linux localhost 3.4.0-g3720aca-00015-gdbb7ce9 #1 SMP PREEMPT Thu Nov 21 10:30:26 CST 2013 armv7l
Kali GNU/Linux 1.1.0 (moto) [running on Android via Linux Deploy]
Last login: Mon Mar 16 09:09:48 2015 from localhost
android@localhost:~$ sudo su
root@localhost:/home/android# dnsenum m6go.com
dnsenum.pl VERSION:1.2.3
----- m6go.com -----
Host's addresses:
__________________
m6go.com. 3564 IN A 60.28.204.216
Wildcard detection using: lesrxtolgqag
_______________________________________
lesrxtolgqag.m6go.com. 3600 IN A 60.28.220.134
!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Wildcards detected, all subdomains will point to the same IP address
Omitting results containing 60.28.220.134.
Maybe you are using OpenDNS servers.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Name Servers:
______________
ns1.0-6.com. 576 IN A 60.28.217.134
ns4.0-6.com. 576 IN A 60.28.217.138
Mail (MX) Servers:
___________________
mail1.m6go.com. 3600 IN A 222.222.193.227
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
Trying Zone Transfer for m6go.com on ns4.0-6.com ...
m6go.com. 3600 IN SOA svctag-78s8g2x.
m6go.com. 3600 IN A 60.28.204.216
m6go.com. 3600 IN NS ns1.0-6.com.
m6go.com. 3600 IN NS ns4.0-6.com.
m6go.com. 3600 IN MX 10
m6go.com. 3600 IN MX 10
m6go.com. 3600 IN TXT "v=spf1
ns1.0-6.com. 3600 IN A 60.28.217.134
ns4.0-6.com. 3600 IN A 60.28.217.134
ns4.0-6.com. 3600 IN A 60.28.217.138
*.m6go.com. 3600 IN A 60.28.220.134
212api.m6go.com. 3600 IN A 60.28.204.212
212pay.m6go.com. 3600 IN A 60.28.204.212
212search.m6go.com. 3600 IN A 60.28.204.212
212shopadmin.m6go.com. 3600 IN A 60.28.204.212
212www.m6go.com. 3600 IN A 60.28.204.212
213api.m6go.com. 3600 IN A 60.28.204.213
213pay.m6go.com. 3600 IN A 60.28.204.213
213search.m6go.com. 3600 IN A 60.28.204.213
213shopadmin.m6go.com. 3600 IN A 60.28.204.213
213www.m6go.com. 3600 IN A 60.28.204.213
214api.m6go.com. 3600 IN A 60.28.204.214
214pay.m6go.com. 3600 IN A 60.28.204.214
214search.m6go.com. 3600 IN A 60.28.204.214
214shopadmin.m6go.com. 3600 IN A 60.28.204.214
214www.m6go.com. 3600 IN A 60.28.204.214
217m.m6go.com. 3600 IN A 60.28.204.217
217malladmin.m6go.com. 3600 IN A 60.28.204.217
217t1malladmin.m6go.com. 3600 IN A 60.28.204.217
217t1www.m6go.com. 3600 IN A 60.28.204.217
217t2malladmin.m6go.com. 3600 IN A 60.28.204.217
217t2www.m6go.com. 3600 IN A 60.28.204.217
217www.m6go.com. 3600 IN A 60.28.204.217
21www.m6go.com. 3600 IN A 60.28.203.21
22www.m6go.com. 3600 IN A 60.28.203.22
23www.m6go.com. 3600 IN A 60.28.203.23
24www.m6go.com. 3600 IN A 60.28.203.24
25www.m6go.com. 3600 IN A 60.28.203.25
26www.m6go.com. 3600 IN A 60.28.203.26
27m.m6go.com. 3600 IN A 60.28.203.27
27www.m6go.com. 3600 IN A 60.28.203.27
28www.m6go.com. 3600 IN A 60.28.203.28
29www.m6go.com. 3600 IN A 60.28.203.29
_ssp._domainkey.m6go.com. 3600 IN TXT "dkim=strict"
mdaemon._domainkey.m6go.com. 3600 IN TXT "v=DKIM1\;
api.m6go.com. 3600 IN A 60.28.220.134
sandbox.api.m6go.com. 3600 IN A 124.202.197.150
testbox.api.m6go.com. 3600 IN A 60.28.204.217
baolei.m6go.com. 3600 IN A 60.28.203.20
channel.m6go.com. 3600 IN A 60.28.220.134
217event.m6go.com.m6go.com. 3600 IN A 60.28.204.217
testbox.sms.m6go.com.m6go.com. 3600 IN A 60.28.204.217
tm.m6go.com.m6go.com. 3600 IN CNAME test.m6go.com.
corp.m6go.com. 3600 IN MX 10
corp.m6go.com. 3600 IN TXT "v=spf1
db.m6go.com. 3600 IN A 60.28.217.132
edm.m6go.com. 3600 IN MX 5
edm.m6go.com. 3600 IN TXT "v=spf1include:easeye-edm.com-all"
email.m6go.com. 3600 IN MX 10
email.m6go.com. 3600 IN TXT "1bf95adf-e187-49ac-af76-6a39b98c3099-1418196279351"
email.m6go.com. 3600 IN TXT "v=spf1
mail._domainkey.email.m6go.com. 3600 IN TXT "k=rsa\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCNpSkZXIF17+AZuDkwHWstHMmz"
sctrack.email.m6go.com. 3600 IN CNAME track.sendcloud.org.
event.m6go.com. 3600 IN A 60.28.204.212
testbox.event.m6go.com. 3600 IN A 60.28.204.217
file.m6go.com. 3600 IN CNAME file.m6go.com.wscdns.com.
file1.m6go.com. 3600 IN CNAME file1.m6go.com.wscdns.com.
file2.m6go.com. 3600 IN CNAME file2.m6go.com.wscdns.com.
file3.m6go.com. 3600 IN CNAME file3.m6go.com.wscdns.com.
file4.m6go.com. 3600 IN CNAME file4.m6go.com.wscdns.com.
file5.m6go.com. 3600 IN CNAME file5.m6go.com.wscdns.com.
file6.m6go.com. 3600 IN CNAME file6.m6go.com.wscdns.com.
file7.m6go.com. 3600 IN CNAME file7.m6go.com.wscdns.com.
file8.m6go.com. 3600 IN CNAME file8.m6go.com.wscdns.com.
file9.m6go.com. 3600 IN CNAME file9.m6go.com.wscdns.com.
hapi.m6go.com. 3600 IN A 127.0.0.1
hit.m6go.com. 3600 IN A 60.28.220.134
hmalladmin.m6go.com. 3600 IN A 127.0.0.1
hshopadmin.m6go.com. 3600 IN A 127.0.0.1
hwww.m6go.com. 3600 IN A 127.0.0.1
info.m6go.com. 3600 IN A 60.28.217.133
linktrace.m6go.com. 3600 IN CNAME trace.easeye.com.cn.
m.m6go.com. 3600 IN A 60.28.220.134
212api.m.m6go.com. 3600 IN A 60.28.204.212
212pay.m.m6go.com. 3600 IN A 60.28.204.212
213api.m.m6go.com. 3600 IN A 60.28.204.213
213pay.m.m6go.com. 3600 IN A 60.28.204.213
214api.m.m6go.com. 3600 IN A 60.28.204.214
214pay.m.m6go.com. 3600 IN A 60.28.204.214
217sandbox.m.m6go.com. 3600 IN A 60.28.204.217
27api.m.m6go.com. 3600 IN A 60.28.203.27
28api.m.m6go.com. 3600 IN A 60.28.203.28
api.m.m6go.com. 3600 IN A 60.28.220.134
217sandbox.api.m.m6go.com. 3600 IN A 60.28.204.217
sandbox.api.m.m6go.com. 3600 IN A 124.202.197.150
testbox.api.m.m6go.com. 3600 IN A 60.28.204.217
pay.m.m6go.com. 3600 IN A 60.28.204.218
testbox.pay.m.m6go.com. 3600 IN A 60.28.204.217
sandbox.m.m6go.com. 3600 IN A 124.202.197.150
sandbox1.m.m6go.com. 3600 IN A 124.202.197.150
t1api.m.m6go.com. 3600 IN CNAME test.m6go.com.
t1pay.m.m6go.com. 3600 IN CNAME test.m6go.com.
t2api.m.m6go.com. 3600 IN CNAME test.m6go.com.
t2pay.m.m6go.com. 3600 IN CNAME test.m6go.com.
t3api.m.m6go.com. 3600 IN CNAME test.m6go.com.
t3pay.m.m6go.com. 3600 IN CNAME test.m6go.com.
tapi.m.m6go.com. 3600 IN CNAME test.m6go.com.
testbox.m.m6go.com. 3600 IN A 60.28.204.217
testsandbox.m.m6go.com. 3600 IN A 60.28.204.217
tpay.m.m6go.com. 3600 IN CNAME test.m6go.com.
mail.m6go.com. 3600 IN MX 10
mail.m6go.com. 3600 IN TXT "v=spf1
mx.mail.m6go.com. 3600 IN A 60.28.213.184
mx.mail.m6go.com. 3600 IN A 60.28.213.185
mx.mail.m6go.com. 3600 IN A 60.28.213.186
mx.mail.m6go.com. 3600 IN A 60.28.213.187
mx.mail.m6go.com. 3600 IN A 60.28.213.188
mx.mail.m6go.com. 3600 IN A 60.28.213.189
mx.mail.m6go.com. 3600 IN A 60.28.213.180
mx.mail.m6go.com. 3600 IN A 60.28.213.181
mx.mail.m6go.com. 3600 IN A 60.28.213.182
mx.mail.m6go.com. 3600 IN A 60.28.213.183
mail1.m6go.com. 3600 IN A 222.222.193.227
mailer.m6go.com. 3600 IN MX 10
mailer.m6go.com. 3600 IN MX 20
mailer.m6go.com. 3600 IN MX 5
mailer.m6go.com. 3600 IN TXT "v=spf1
mx01.mailer.m6go.com. 3600 IN A 60.28.204.220
mx02.mailer.m6go.com. 3600 IN A 60.28.204.221
mx03.mailer.m6go.com. 3600 IN A 60.28.204.222
mailer1.m6go.com. 3600 IN MX 10
mailer1.m6go.com. 3600 IN TXT "v=spf1
mx01.mailer1.m6go.com. 3600 IN A 60.28.214.73
mx01.mailer1.m6go.com. 3600 IN A 60.28.214.74
mx01.mailer1.m6go.com. 3600 IN A 60.28.214.75
mx01.mailer1.m6go.com. 3600 IN A 60.28.214.76
mx01.mailer1.m6go.com. 3600 IN A 60.28.214.77
mx01.mailer1.m6go.com. 3600 IN A 60.28.214.78
mx01.mailer1.m6go.com. 3600 IN A 60.28.214.68
mx01.mailer1.m6go.com. 3600 IN A 60.28.214.69
mx01.mailer1.m6go.com. 3600 IN A 60.28.214.70
mx01.mailer1.m6go.com. 3600 IN A 60.28.214.71
mx01.mailer1.m6go.com. 3600 IN A 60.28.214.72
mailer2.m6go.com. 3600 IN MX 10
mailer2.m6go.com. 3600 IN TXT "v=spf1
mx01.mailer2.m6go.com. 3600 IN A 60.28.216.56
mx01.mailer2.m6go.com. 3600 IN A 60.28.216.57
mx01.mailer2.m6go.com. 3600 IN A 60.28.216.58
mx01.mailer2.m6go.com. 3600 IN A 60.28.216.59
mx01.mailer2.m6go.com. 3600 IN A 60.28.216.60
mx01.mailer2.m6go.com. 3600 IN A 60.28.216.61
mx01.mailer2.m6go.com. 3600 IN A 60.28.216.62
mx01.mailer2.m6go.com. 3600 IN A 60.28.216.52
mx01.mailer2.m6go.com. 3600 IN A 60.28.216.53
mx01.mailer2.m6go.com. 3600 IN A 60.28.216.54
mx01.mailer2.m6go.com. 3600 IN A 60.28.216.55
malladmin.m6go.com. 3600 IN A 60.28.220.134
testbox.malladmin.m6go.com. 3600 IN A 60.28.204.217
mp.m6go.com. 3600 IN A 60.28.220.134
mx.m6go.com. 3600 IN MX 10
pay.m6go.com. 3600 IN A 60.28.204.218
29.pay.m6go.com. 3600 IN A 60.28.203.29
sandbox.pay.m6go.com. 3600 IN A 124.202.197.150
testbox.pay.m6go.com. 3600 IN A 60.28.204.217
print.m6go.com. 3600 IN CNAME test.m6go.com.
res.m6go.com. 3600 IN CNAME res.m6go.com.wscdns.com.
res01.m6go.com. 3600 IN CNAME res01.m6go.com.wscdns.com.
res02.m6go.com. 3600 IN CNAME res02.m6go.com.wscdns.com.
search.m6go.com. 3600 IN A 60.28.220.134
sender.m6go.com. 3600 IN MX 5
sender.m6go.com. 3600 IN MX 10
sender.m6go.com. 3600 IN MX 20
sender.m6go.com. 3600 IN TXT "v=spf1
mx01.sender.m6go.com. 3600 IN A 60.28.204.220
mx02.sender.m6go.com. 3600 IN A 60.28.204.221
mx03.sender.m6go.com. 3600 IN A 60.28.204.222
sf.m6go.com. 3600 IN A 60.28.204.213
shopadmin.m6go.com. 3600 IN A 60.28.220.134
shunfeng.m6go.com. 3600 IN A 60.28.204.213
sms.m6go.com. 3600 IN A 60.28.220.134
testbox.sms.m6go.com. 3600 IN A 60.28.204.217
smtp.m6go.com. 3600 IN A 222.222.193.227
staff.m6go.com. 3600 IN A 222.222.193.227
staff.m6go.com. 3600 IN MX 10
staff.m6go.com. 3600 IN MX 5
staff.m6go.com. 3600 IN TXT "v=spf1
t1m.m6go.com. 3600 IN CNAME test.m6go.com.
t1malladmin.m6go.com. 3600 IN A 124.202.197.150
t1www.m6go.com. 3600 IN A 124.202.197.150
t2m.m6go.com. 3600 IN CNAME test.m6go.com.
t2malladmin.m6go.com. 3600 IN A 124.202.197.150
t2www.m6go.com. 3600 IN A 124.202.197.150
t3m.m6go.com. 3600 IN CNAME test.m6go.com.
t3malladmin.m6go.com. 3600 IN A 124.202.197.150
t3www.m6go.com. 3600 IN A 124.202.197.150
tapi.m6go.com. 3600 IN CNAME test.m6go.com.
test.m6go.com. 3600 IN A 10.10.10.21
tevent.m6go.com. 3600 IN A 124.202.197.150
tm.m6go.com. 3600 IN CNAME test.m6go.com.
tmalladmin.m6go.com. 3600 IN A 124.202.197.150
ttmalladmin.m6go.com. 3600 IN A 60.28.204.217
twww.m6go.com. 3600 IN A 124.202.197.150
upload.m6go.com. 3600 IN A 60.28.220.134
worldcup2014.m6go.com. 3600 IN A 60.28.204.212
www.m6go.com. 3600 IN A 60.28.220.134
29.www.m6go.com. 3600 IN A 60.28.203.29
sandbox.www.m6go.com. 3600 IN A 124.202.197.150
testbox.www.m6go.com. 3600 IN A 60.28.204.217
testsandbox.www.m6go.com. 3600 IN A 60.28.204.217
wwww.m6go.com. 3600 IN A 60.28.220.134
Trying Zone Transfer for m6go.com on ns1.0-6.com ...
AXFR record query failed: Response code from server: REFUSED
brute force file not specified, bay.
root@localhost:/home/android#
漏洞证明:
修复方案:
不懂
版权声明:转载请注明来源 路人甲@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝
漏洞Rank:15 (WooYun评价)