冰动娱乐DNS域传送漏洞 | wooyun-2012-06145| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2012-06145

漏洞标题：冰动娱乐DNS域传送漏洞

漏洞作者： ReJeCt

提交时间：2012-04-18 16:19

修复时间：2012-06-02 16:20

公开时间：2012-06-02 16:20

漏洞类型：网络敏感信息泄漏

危害等级：中

自评Rank：10

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2012-04-18：细节已通知厂商并且等待厂商处理中
2012-04-18：厂商已经确认，细节仅向厂商公开
2012-04-28：细节向核心白帽子及相关领域专家公开
2012-05-08：细节向普通白帽子公开
2012-05-18：细节向实习白帽子公开
2012-06-02：细节向公众公开

简要描述：

playcool.com DNS服务器（banana.playcool.com apple.playcool.com等）配置不当，导致所有域名dns泄露，因旗下有三款网络游戏，因此很有可能通过DNS域问题来间接获得更多敏感信息，渗透入内网。

详细说明：

漏洞证明：

> server apple.playcool.com
默认服务器:  apple.playcool.com
Address:  122.226.192.1
> ls playcool.com
[apple.playcool.com]
 playcool.com.                  A      122.226.192.57
 playcool.com.                  NS     server = date.playcool.com
 playcool.com.                  NS     server = apple.playcool.com
 playcool.com.                  NS     server = banana.playcool.com
 activity                       A      220.181.2.93
 activity                       A      220.181.2.94
 ad                             A      10.2.3.13
 apple                          A      122.226.192.1
 banana                         A      123.129.231.129
 bts                            A      114.80.81.27
 bts0                           A      122.226.192.54
 bts1                           A      122.226.192.54
 c                              A      222.73.214.103
 cas                            A      114.80.81.27
 cas0                           A      122.226.192.54
 cas1                           A      122.226.192.54
 cas2                           A      114.80.81.27
 download.cnc                   A      123.129.231.130
 download.cnc                   A      123.129.231.135
 coconut                        A      222.73.214.1
 update.ml.corp                 A      172.18.2.221
 update2.ml.corp                A      172.18.2.221
 app.passport.corp              A      172.18.2.137
 db.passport.corp               A      172.18.2.136
 queue.passport.corp            A      172.18.2.139
 web.passport.corp              A      172.18.2.138
 phpq.corp                      A      122.226.192.57
 pool.corp                      A      222.133.231.194
 cs                             A      122.226.192.57
 data                           A      10.2.1.22
 date                           A      114.80.81.1
 list.dd                        A      122.226.192.3
 pingsite1.dd                   A      122.226.192.3
 site1.dd                       A      122.226.192.3
 ss.dd                          A      122.226.192.3
 ver.dd                         A      122.226.192.3
 dl                             A      122.226.192.57
 download                       A      122.226.192.57
 list.dtest                     A      122.226.192.3
 patch.dtest                    A      122.226.192.3
 pingsite3.dtest                A      123.129.231.129
 pingsite4.dtest                A      122.226.192.3
 site3.dtest                    A      123.129.231.236
 site4.dtest                    A      122.226.192.108
 ss.dtest                       A      122.226.192.3
 uc.dtest                       A      122.226.192.2
 ver.dtest                      A      122.226.192.3
 esales                         A      114.80.81.6
 ftp2                           A      123.129.231.144
 gcafe                          A      122.226.192.57
 gm                             A      114.80.81.7
 go                             A      122.226.192.96
 admin.go                       A      122.226.192.97
 hd                             A      122.226.192.101
 hr                             A      122.226.192.69
 ibdftp                         A      61.129.72.21
 img                            A      122.226.192.57
 junwangpayment                 A      114.80.81.6
 kf                             A      122.226.192.57
 launcher                       A      122.226.192.57
 mail                           A      114.80.81.8
 mail2                          A      114.80.81.14
 member                         A      114.80.81.27
 mf                             A      122.226.192.14
 ml                             A      122.226.192.57
 launcher.a.ml                  A      122.226.192.3
 list.a.ml                      A      122.226.192.3
 patch.a.ml                     A      118.123.241.66
 pingsite1.a.ml                 A      118.123.241.66
 site1.a.ml                     A      118.123.241.122
 ss.a.ml                        A      122.226.192.3
 uc.a.ml                        A      118.123.241.66
 ver.a.ml                       A      122.226.192.3
 ad.ml                          A      122.226.192.57
 app.ml                         A      122.226.192.57
 bbs.ml                         A      122.226.192.57
 dl.ml                          A      122.226.192.57
 download1.ml                   A      122.226.192.3
 download3.ml                   A      122.226.192.2
 download3.ml                   A      122.226.192.3
 engmtools.ml                   A      122.226.192.57
 ftp.ml                         A      114.80.81.10
 gbs.ml                         A      114.80.81.27
 gmtools.ml                     A      10.65.0.251
 hsupdate.ml                    A      122.226.192.3
 jwj.ml                         A      122.226.192.57
 nnsite1.ml                     A      122.226.192.125
 nsite1.ml                      A      122.226.192.85
 nsite2.ml                      A      122.226.192.51
 nsite3.ml                      A      123.129.231.208
 nsite4.ml                      A      122.226.192.25
 cd.patch.ml                    A      118.123.241.78
 cd.patch.ml                    A      118.123.241.79
 cd.patch.ml                    A      118.123.241.80
 cd.patch.ml                    A      118.123.241.81
 pdt.ml                         A      122.226.192.57
 pingnnsite1.ml                 A      122.226.192.3
 pingnsite1.ml                  A      122.226.192.3
 pingnsite2.ml                  A      122.226.192.3
 pingnsite3.ml                  A      123.129.231.130
 pingnsite4.ml                  A      122.226.192.3
 pingsite1.ml                   A      122.226.192.57
 pingsite2.ml                   A      122.226.192.57
 pingsite3.ml                   A      123.129.231.130
 quick.ml                       A      122.226.192.57
 site3.ml                       A      123.129.231.236
 update.ml                      A      122.226.192.57
 usftp.ml                       A      114.80.81.10
 xj.ml                          A      122.226.192.57
 patch.xj.ml                    A      122.226.192.3
 xsk.ml                         A      122.226.192.57
 list.mltest                    A      122.226.192.3
 pingsite1.mltest               A      122.226.192.3
 site1.mltest                   A      122.226.192.26
 ss.mltest                      A      122.226.192.3
 ver.mltest                     A      122.226.192.3
 monitor                        A      10.2.1.22
 netbar                         A      122.226.192.57
 p                              A      122.226.192.57
 ftp.partner                    A      61.152.145.111
 passport                       A      114.80.81.27
 app.passport                   A      10.10.10.102
 db.passport                    A      10.1.3.200
 queue.passport                 A      10.1.3.104
 web1.passport                  A      10.1.3.101
 pay                            A      114.80.81.27
 service                        A      122.226.192.57
 sinasms                        A      114.80.81.6
 sj                             A      122.226.192.3
 sj                             A      122.226.192.57
 bbs.sj                         A      122.226.192.57
 download.cnc.sj                A      123.129.231.130
 download.cnc.sj                A      123.129.231.135
 download1.cnc.sj               A      123.129.231.130
 download1.sj                   A      122.226.192.2
 download2.sj                   A      122.226.192.3
 cnc.gas.sj                     A      10.10.20.101
 tel.gas.sj                     A      10.10.30.101
 gas0.sj                        A      122.226.192.54
 gas1.sj                        A      122.226.192.54
 gbs.sj                         A      114.80.81.27
 gbs0.sj                        A      122.226.192.54
 gbs1.sj                        A      122.226.192.54
 gds.sj                         A      114.80.81.27
 gds0.sj                        A      122.226.192.54
 gds1.sj                        A      122.226.192.54
 0.log.sj                       A      10.68.10.128
 1.log.sj                       A      10.68.11.119
 10.log.sj                      A      10.68.1.119
 2.log.sj                       A      10.68.11.119
 3.log.sj                       A      10.68.13.119
 4.log.sj                       A      10.68.1.119
 5.log.sj                       A      10.68.1.119
 6.log.sj                       A      10.68.3.119
 7.log.sj                       A      10.68.11.119
 8.log.sj                       A      10.68.15.119
 9.log.sj                       A      10.68.16.119
 b2.log.sj                      A      172.17.104.174
 patch.sj                       A      122.226.192.2
 patch.sj                       A      122.226.192.3
 0.patch.sj                     A      122.226.192.2
 0.patch.sj                     A      122.226.192.3
 99.patch.sj                    A      122.226.192.2
 99.patch.sj                    A      122.226.192.3
 b1.patch.sj                    A      172.18.10.250
 b2.patch.sj                    A      172.18.10.250
 c1.patch.sj                    A      172.18.10.250
 c2.patch.sj                    A      172.18.10.250
 r1.patch.sj                    A      122.226.192.2
 qy.sj                          A      122.226.192.54
 download.tel.sj                A      122.226.192.2
 download.tel.sj                A      122.226.192.3
 sms                            A      172.18.2.143
 static1                        A      122.226.192.57
 zabbix.techop                  A      172.18.10.250
 tg                             A      122.226.192.50
 time                           A      114.80.81.1
 tracker                        A      122.226.192.121
 tracker2                       A      123.129.231.130
 tracker3                       A      122.226.192.2
 ty                             NS     server = ns1.ty.playcool.com
 ty                             NS     server = ns2.ty.playcool.com
 ns1.ty                         A      122.226.192.98
 ns2.ty                         A      122.226.192.99
 ucenter                        A      122.226.192.57
 forum.us                       A      114.80.81.123
 uspass                         A      114.80.81.219
 websg                          A      172.18.28.109
 webtickets                     A      114.80.81.7
 wh                             A      114.80.81.27
 www                            A      122.226.192.57

修复方案：

找蓝翔专家吧

版权声明：转载请注明来源 ReJeCt@乌云

漏洞回应

厂商回应：

危害等级：中

漏洞Rank：10

确认时间：2012-04-18 16:53

厂商回复：

已经修复该安全漏洞。
非常感谢ReJeCt

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2012-06145

漏洞标题：冰动娱乐DNS域传送漏洞

相关厂商：上海冰动信息技术有限公司

漏洞作者： ReJeCt

提交时间：2012-04-18 16:19

修复时间：2012-06-02 16:20

公开时间：2012-06-02 16:20

漏洞类型：网络敏感信息泄漏

危害等级：中

自评Rank：10

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 ReJeCt@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2012-06145

漏洞标题：冰动娱乐DNS域传送漏洞

相关厂商：上海冰动信息技术有限公司

漏洞作者： ReJeCt

提交时间：2012-04-18 16:19

修复时间：2012-06-02 16:20

公开时间：2012-06-02 16:20

漏洞类型：网络敏感信息泄漏

危害等级：中

自评Rank：10

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2012-06145"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 ReJeCt@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：