漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2011-01519
漏洞标题:拉手网dns域传送泄露漏洞
相关厂商:拉手网
漏洞作者: 空气
提交时间:2011-03-06 21:00
修复时间:2011-04-06 00:00
公开时间:2011-04-06 00:00
漏洞类型:网络敏感信息泄漏
危害等级:中
自评Rank:10
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2011-03-06: 积极联系厂商并且等待厂商认领中,细节不对外公开
2011-04-06: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
拉手网dns域传送泄露漏洞
详细说明:
> ls -t lashou.com
[ns2.lashou.com]
lashou.com. A 119.161.240.88
lashou.com. NS server = ns2.lashou.com
lashou.com. NS server = ns3.lashou.com
hk A 211.72.254.182
img A 119.161.240.66
mail A 119.161.209.221
mail10 A 119.161.209.222
mail11 A 110.173.1.2
mail12 A 119.161.240.74
mail13 A 110.173.1.4
mail14 A 110.173.1.5
mail3 A 119.161.240.80
mail4 A 119.161.240.78
mail5 A 119.161.209.80
mail6 A 119.161.240.79
mail7 A 119.161.209.219
mail8 A 119.161.240.81
ns2 A 119.161.240.92
ns3 A 119.161.240.93
t8 A 119.161.240.96
img.tw A 211.72.254.181
www10 A 110.173.1.10
www11 A 110.173.1.11
www12 A 110.173.1.12
www13 A 110.173.1.13
www14 A 110.173.1.14
www210 A 119.161.209.210
www211 A 119.161.209.211
www220 A 119.161.209.220
www24 A 110.173.1.24
www25 A 110.173.1.25
www26 A 110.173.1.26
www27 A 110.173.1.27
www28 A 110.173.1.28
www29 A 110.173.1.29
www34 A 110.173.1.34
www35 A 110.173.1.35
www36 A 110.173.1.36
www37 A 110.173.1.37
www38 A 110.173.1.38
www39 A 110.173.1.39
www40 A 110.173.1.40
www41 A 110.173.1.41
www47 A 110.173.1.47
www49 A 110.173.1.49
www50 A 110.173.1.50
www51 A 110.173.1.51
www52 A 110.173.1.52
www53 A 110.173.1.53
www69 A 119.161.240.110
www7 A 110.173.1.7
www8 A 110.173.1.8
www83 A 119.161.209.83
www84 A 119.161.209.84
www85 A 119.161.240.85
www86 A 119.161.209.86
www87 A 119.161.209.87
www88 A 119.161.209.88
www89 A 119.161.209.89
www9 A 110.173.1.9
www90 A 119.161.209.90
www91 A 119.161.240.91
www93 A 119.161.240.93
>
漏洞证明:
修复方案:
设定安全的区域传送或者禁用区域传送
版权声明:转载请注明来源 空气@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝
漏洞Rank:5 (WooYun评价)