乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-02-12: 细节已通知厂商并且等待厂商处理中 2015-02-17: 厂商已经主动忽略漏洞,细节向公众公开
南都网DNS域传送漏洞
ns1.nandu.com DNS 服务器配置不当,导致所有域名dns泄露,可能引起进一步的入侵。
[ns1.nandu.com] nandu.com. SOA ns1.nandu.com root.nandu.com. (2009041701 3600 900 68400 15) nandu.com. NS ns1.nandu.com nandu.com. NS ns2.nandu.com nandu.com. A 113.108.213.9 nandu.com. MX 5 mail.nandu.com nandu.com. MX 10 mail.nandu.com 360 A 113.108.213.9 360m A 211.151.194.106 api A 113.108.213.9 app A 183.60.192.162 auto CNAME auto.nandu.ccgslb.com.cn bbs A 113.108.213.29 caipiao A 113.108.213.9 corp CNAME corp.nandu.ccgslb.com.cn dongman A 113.108.213.9 em A 183.60.207.101 ent CNAME ent.nandu.ccgslb.com.cn epaper A 113.108.213.60 fang A 183.60.207.116 finance CNAME finance.nandu.ccgslb.com.cn game A 113.108.213.9 gd CNAME gd.nandu.ccgslb.com.cn ggd A 113.108.213.29 hd CNAME hd.nandu.ccgslb.com.cn house CNAME house.nandu.ccgslb.com.cn ipad A 113.108.213.9 ipaper A 113.108.213.9 jzj A 183.60.207.84 life CNAME life.nandu.ccgslb.com.cn m A 113.108.213.9 mail A 223.4.9.129 mail A 223.4.9.130 md A 113.108.213.29 media A 113.108.213.29 mipu A 121.9.240.91 msn A 113.108.213.9 ndapp A 113.108.213.54 img1.ndapp A 113.108.213.54 img2.ndapp A 113.108.213.54 ndmpx A 113.108.213.9 news CNAME news.nandu.ccgslb.com.cn ngo A 113.108.213.57 ngo1 A 113.108.213.57 ns1 A 113.108.213.11 ns2 A 113.108.213.12 paper CNAME paper.nandu.ccgslb.com.cn photo CNAME photo.nandu.ccgslb.com.cn piwik A 183.60.207.116 qyrb A 113.108.213.27 qyrbadmin A 113.108.213.27 shop CNAME shop.oeeee.com sns A 113.108.213.29 sports CNAME sports.nandu.ccgslb.com.cn travel CNAME travel.nandu.ccgslb.com.cn tukan A 113.108.213.9 user A 121.9.240.71 vaps CNAME ndvapsco.jiangsu1.cachechina.org video CNAME video.nandu.ccgslb.com.cn wemedia A 113.108.213.29 www CNAME www.nandu.ccgslb.com.cn wx A 113.108.213.40 zt A 183.60.207.116 nandu.com. SOA ns1.nandu.com root.nandu.com. (2009041701 3600 900 68400 15)
>nslookup>server ns1.nandu.com>ls -d nandu.com
你懂的。
危害等级:无影响厂商忽略
忽略时间:2015-02-17 10:32
2015-03-31:已经修复