当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-038683

漏洞标题:若邻网DNS域传送漏洞

相关厂商:wealink.com

漏洞作者: h4ckice

提交时间:2013-10-10 20:07

修复时间:2013-11-24 20:08

公开时间:2013-11-24 20:08

漏洞类型:系统/服务运维配置不当

危害等级:低

自评Rank:5

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-10-10: 积极联系厂商并且等待厂商认领中,细节不对外公开
2013-11-24: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

没有进行身份验证就允许恶意攻击者获取到DNS信息

详细说明:

* CNAME www.wip.wealink.com
163 A 61.145.121.80
_domainkey NS ns3.ucigroup.org
ad A 211.152.55.58
api CNAME www.wip.wealink.com
app1 CNAME www.wip.wealink.com
apps CNAME www.wip.wealink.com
backend2 CNAME www.wip.wealink.com
blog CNAME labs.wealink.com
cbd A 211.152.55.54
connection CNAME www.wip.wealink.com
dance A 211.152.55.54
dev A 211.152.55.53
developers CNAME www.wip.wealink.com
en CNAME en.wip.wealink.com
group CNAME www.wip.wealink.com
innerapp CNAME www.wip.wealink.com
intranet CNAME ghs.google.com
job CNAME job.wip.wealink.com
labs A 211.152.55.54
lc1 A 211.152.55.51
lc2 A 203.166.161.14
m CNAME www.wip.wealink.com
mail CNAME exmail.qq.com
mail2 CNAME mail.71inc.com
mail4 A 222.66.48.30
mailbox MX 5 mxbiz1.qq.com
mailbox MX 10 mxbiz2.qq.com
mailbox TXT "v=spf1 include:spf.mail.qq.com
~all"
mailbox A 119.147.15.108
mangbar A 221.130.201.29
message CNAME www.wip.wealink.com
msite A 211.152.55.54
my CNAME www.wip.wealink.com
n CNAME labs.wealink.com
oa CNAME www.wip.wealink.com
passport CNAME www.wip.wealink.com
proxy CNAME www.wip.wealink.com
s CNAME labs.wealink.com
service TXT "v=spf1 mx include:mail.71inc.co
m include:222.66.48.26 ~all"
service MX 5 mail.wealink.com
service MX 10 mail2.wealink.com
service MX 11 mail4.wealink.com
share CNAME www.wip.wealink.com
smtp A 211.152.55.62
smtp1 CNAME ad.wealink.com
smtp3 CNAME smtp.sinanet.com
smtp4 A 61.135.132.71
socialcapital CNAME labs.wealink.com
spf TXT "v=spf1 include:spf.mail.qq.com
~all"
spf MX 5 mxbiz1.qq.com
spf MX 10 mxbiz2.qq.com
spf A 119.147.15.108
staff MX 5 gate.ucigroup.cn
staff A 211.152.55.56
static CNAME www.wip.wealink.com
systemtest A 211.152.55.59
wap CNAME www.wip.wealink.com
wip NS lc1.wealink.com
wip NS lc2.wealink.com
www CNAME www.wip.wealink.com
wealink.com. SOA ns3.ucigroup.org wmao.ucigroup.org.wealink.com. (2013082717 10800 900 604800 86400)

漏洞证明:

QQ图片20131001131834.jpg

修复方案:

身份验证

版权声明:转载请注明来源 h4ckice@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝