酷我音乐DNS域传送漏洞 | wooyun-2014-051148| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-051148

漏洞标题：酷我音乐DNS域传送漏洞

漏洞作者：你又不是她

提交时间：2014-02-17 11:20

修复时间：2014-02-27 11:21

公开时间：2014-02-27 11:21

漏洞类型：系统/服务运维配置不当

危害等级：低

自评Rank：5

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2014-02-17：细节已通知厂商并且等待厂商处理中
2014-02-27：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

由于配置不当，致使dns泄露

详细说明：

C:\Users\administrator>nslookup
默认服务器:  xslns4
Address:  202.99.96.68
> set type=ns
> kuwo.cn
服务器:  xslns4
Address:  202.99.96.68
非权威应答:
kuwo.cn nameserver = ns4.koowo.com
kuwo.cn nameserver = ns2.koowo.com
kuwo.cn nameserver = ns1.koowo.com
ns1.koowo.com   internet address = 60.28.210.116
ns2.koowo.com   internet address = 60.28.210.118
ns4.koowo.com   internet address = 60.29.225.22
> server ns4.koowo.com
默认服务器:  ns4.koowo.com
Address:  60.29.225.22
> ls kuwo.cn
 assist8.sq                     A      221.5.43.84
 assist9.sq                     A      58.253.67.141
 res1.sq                        A      221.5.44.39
 res10.sq                       A      58.253.67.246
 res11.sq                       A      58.253.67.247
 res12.sq                       A      221.5.43.141
 res13.sq                       A      58.253.68.68
 res14.sq                       A      58.253.68.72
 res15.sq                       A      221.5.44.41
 res16.sq                       A      112.90.249.175
 res17.sq                       A      221.5.44.209
 res18.sq                       A      112.90.248.35
 res19.sq                       A      112.90.248.42
 res2.sq                        A      221.5.44.40
 res20.sq                       A      112.90.248.44
 res21.sq                       A      221.5.44.242
 res22.sq                       A      58.253.68.78
 res23.sq                       A      221.5.44.64
 res24.sq                       A      58.253.68.110
 res25.sq                       A      221.5.45.173
 res26.sq                       A      112.90.248.123
 res27.sq                       A      112.90.248.41
 res28.sq                       A      112.90.249.165
 res29.sq                       A      112.90.248.136
 res3.sq                        A      112.90.248.159
 res30.sq                       A      58.253.68.15
 res31.sq                       A      58.253.68.29
 res32.sq                       A      58.253.68.61
 res33.sq                       A      58.253.64.202
 res34.sq                       A      221.5.44.68
 res35.sq                       A      58.253.64.137
 res36.sq                       A      58.253.70.77
 res37.sq                       A      112.90.248.147
 res38.sq                       A      221.5.43.237
 res39.sq                       A      112.90.248.29
 res4.sq                        A      112.90.248.160
 res40.sq                       A      221.5.43.235
 res41.sq                       A      112.90.249.152
 res42.sq                       A      112.90.249.157
 res43.sq                       A      112.90.248.144
 res44.sq                       A      112.90.249.165
 res45.sq                       A      112.90.248.116
 res46.sq                       A      112.90.248.21
 res47.sq                       A      221.5.44.242
 res48.sq                       A      221.5.44.209
 res49.sq                       A      58.253.64.137
 res5.sq                        A      112.90.248.174
 res50.sq                       A      221.5.44.231
 res51.sq                       A      112.90.248.48
 res52.sq                       A      221.5.45.223
 res53.sq                       A      221.5.44.240
 res54.sq                       A      58.253.64.202
 res55.sq                       A      221.5.44.233
 res6.sq                        A      221.5.43.237
 res7.sq                        A      112.90.249.171
 res8.sq                        A      221.5.43.84
 res9.sq                        A      58.253.67.141
 s1.sq                          A      221.5.44.39
 s10.sq                         A      58.253.67.246
 s11.sq                         A      58.253.67.247
 s12.sq                         A      221.5.43.141
 s13.sq                         A      58.253.68.68
 s14.sq                         A      58.253.68.72
 s15.sq                         A      221.5.44.41
 s16.sq                         A      112.90.249.175
 s17.sq                         A      221.5.44.209
 s18.sq                         A      112.90.248.35
 s19.sq                         A      112.90.248.42
 s2.sq                          A      221.5.44.40
 s20.sq                         A      112.90.248.44
 s21.sq                         A      221.5.44.242
 s22.sq                         A      58.253.68.78
 s23.sq                         A      221.5.44.64
 s24.sq                         A      58.253.68.110
 s25.sq                         A      221.5.45.173
 s26.sq                         A      112.90.248.123
 s27.sq                         A      112.90.248.41
 s28.sq                         A      112.90.249.165
 s29.sq                         A      112.90.248.136
 s3.sq                          A      112.90.248.159
 s30.sq                         A      58.253.68.15
 s31.sq                         A      58.253.68.29
 s32.sq                         A      58.253.68.61
 s33.sq                         A      58.253.64.202
 s34.sq                         A      221.5.44.68
 s35.sq                         A      58.253.64.137
 s36.sq                         A      58.253.70.77
 s37.sq                         A      112.90.248.147
 s38.sq                         A      221.5.43.237
 s39.sq                         A      112.90.248.29
 s4.sq                          A      112.90.248.160
 s40.sq                         A      221.5.43.235
 s41.sq                         A      112.90.249.152
 s42.sq                         A      112.90.249.157
 s43.sq                         A      112.90.248.144
 s44.sq                         A      112.90.249.165
 s45.sq                         A      112.90.248.116
 s46.sq                         A      112.90.248.21
 s47.sq                         A      221.5.44.242
 s48.sq                         A      221.5.44.209
 s49.sq                         A      58.253.64.137
 s5.sq                          A      112.90.248.174
 s50.sq                         A      221.5.44.231
 s51.sq                         A      112.90.248.48
 s52.sq                         A      221.5.45.223
 s53.sq                         A      221.5.44.240
 s54.sq                         A      58.253.64.202
 s55.sq                         A      221.5.44.233
 s6.sq                          A      221.5.43.237
 s7.sq                          A      112.90.249.171
 s8.sq                          A      221.5.43.84
 s9.sq                          A      58.253.67.141
 stars                          A      60.28.205.41
 stat                           A      60.28.205.44
 s1.swjt                        A      112.91.158.32
 s10.swjt                       A      103.5.56.123
 s11.swjt                       A      103.5.56.123
 s12.swjt                       A      103.5.56.123
 s13.swjt                       A      112.91.158.32
 s14.swjt                       A      112.91.158.32
 s15.swjt                       A      112.91.158.32
 s16.swjt                       A      112.91.158.32
 s17.swjt                       A      103.5.56.123
 s18.swjt                       A      103.5.56.123
 s19.swjt                       A      103.5.56.123
 s2.swjt                        A      112.91.158.32
 s20.swjt                       A      103.5.56.123
 s21.swjt                       A      103.5.56.123
 s22.swjt                       A      103.5.56.123
 s23.swjt                       A      103.5.56.123
 s24.swjt                       A      103.5.56.123
 s25.swjt                       A      119.38.129.202
 s26.swjt                       A      119.38.129.202
 s27.swjt                       A      119.38.129.202
 s28.swjt                       A      119.38.129.202
 s29.swjt                       A      119.38.129.202
 s3.swjt                        A      112.91.158.32
 s30.swjt                       A      119.38.129.202
 s31.swjt                       A      112.91.158.32
 s32.swjt                       A      112.91.158.32
 s33.swjt                       A      103.5.56.123
 s34.swjt                       A      103.5.56.123
 s35.swjt                       A      103.5.56.123
 s36.swjt                       A      103.5.56.123
 s37.swjt                       A      112.91.24.226
 s38.swjt                       A      112.91.24.226
 s39.swjt                       A      112.91.24.226
 s4.swjt                        A      112.91.158.32
 s40.swjt                       A      112.91.24.226
 s41.swjt                       A      163.177.176.225
 s42.swjt                       A      112.91.158.32
 s43.swjt                       A      112.91.158.32
 s5.swjt                        A      112.91.158.32
 s6.swjt                        A      112.91.158.32
 s7.swjt                        A      112.91.158.32
 s8.swjt                        A      112.91.158.32
 s9.swjt                        A      103.5.56.123
 test1                          A      60.28.205.40
 s1.tlcs                        A      112.90.27.158
 s2.tlcs                        A      112.90.27.158
 s3.tlcs                        A      112.90.27.158
 s4.tlcs                        A      112.90.27.158
 tuijian                        A      60.28.193.252
 s1.tzr                         A      58.249.119.173
 s1001.tzr                      A      112.91.24.220
 s2.tzr                         A      112.91.24.219
 s3.tzr                         A      112.91.24.221
 uh1                            A      60.28.201.180
 uh2                            A      60.28.205.43
 uh3                            A      60.28.205.38
 union                          A      60.28.205.44
 update                         A      211.151.89.39
 uplrc                          A      60.28.201.190
 ape.vip                        A      218.27.132.24
 ma.vip                         A      218.27.132.45
 mp3.vip                        A      218.27.132.49
 mv.vip                         A      218.27.132.24
 vote                           A      60.28.205.57
 vpn                            A      60.28.205.60
 watest                         A      60.28.205.59
 webcdn                         NS     server = ns1.web
 webcdn                         NS     server = ns2.web
 ns1.webcdn                     A      60.29.225.21
 ns2.webcdn                     A      221.238.18.61
 webstat                        A      60.28.201.174
 s1.wls                         A      117.79.155.142
 s2.wls                         A      117.79.155.142
 s3.wls                         A      117.79.155.142
 wmv                            A      202.98.23.162
 wmv                            A      125.32.112.188
 wmv                            A      202.98.23.132
 wmv                            A      125.32.112.190
 wmv                            A      218.28.104.49
 s1.rexue.wt                    A      221.5.8.83
 s3.rexue.wt                    A      221.5.8.222
 s4.rexue.wt                    A      221.5.10.146
 s5.rexue.wt                    A      221.5.8.85
 s6.rexue.wt                    A      221.5.10.151
 s7.rexue.wt                    A      221.5.8.96
 s8.rexue.wt                    A      221.5.10.160
 s9.rexue.wt                    A      221.5.10.147
 s2.wuxia                       A      58.83.172.154
 s3.wuxia                       A      58.83.172.154
 s5.wuxia                       A      58.83.172.155
 s1.xdj                         A      114.80.162.86
 s2.xdj                         A      114.80.162.86
 s3.xdj                         A      114.80.162.86
 s4.xdj                         A      114.80.162.86
 s5.xdj                         A      114.80.162.86
 s6.xdj                         A      114.80.162.86
 s1.xueyu                       A      221.5.43.132
 s2.xueyu                       A      221.5.43.132
 s3.xueyu                       A      221.5.43.132
 xy1.xueyu                      A      58.253.71.82
 xy2.xueyu                      A      60.12.231.204
 xy3.xueyu                      A      60.12.231.204
 xygm1.xueyu                    A      221.5.43.132
 xygm2.xueyu                    A      221.5.43.132
 xygm3.xueyu                    A      221.5.43.132
 f001.xxas                      A      118.26.201.79
 s0.xxas                        A      112.90.19.230
 s1.xxas                        A      112.90.19.230
 s2.xxas                        A      112.90.27.98
 s3.xxas                        A      122.13.72.227
 s4.xxas                        A      112.90.19.240
 s5.xxas                        A      118.26.225.174
 s6.xxas                        A      118.26.225.176
 s7.xxas                        A      118.26.225.178
 s8.xxas                        A      42.62.52.122
 s1.xyj                         A      60.12.156.181
 s1.ygfs                        A      112.90.181.230
 s1e1.ygfs                      A      112.90.181.232
 s1e2.ygfs                      A      112.90.181.235
 s1e3.ygfs                      A      112.90.181.236
 s2.ygfs                        A      112.90.181.230
 s2e1.ygfs                      A      112.91.18.171
 s2e2.ygfs                      A      112.91.18.177
 s2e3.ygfs                      A      112.91.18.182
 s1.yjjh                        A      112.91.23.138
 s1-bak.yjjh                    A      119.38.130.34
 s1-m1.yjjh                     A      112.91.23.138
 s1-m2.yjjh                     A      119.38.130.36
 s1-m3.yjjh                     A      119.38.130.37
 s2.yjjh                        A      112.91.23.138
 s2-bak.yjjh                    A      119.38.130.34
 s2-m1.yjjh                     A      119.38.130.34
 s2-m2.yjjh                     A      120.31.35.2
 s2-m3.yjjh                     A      119.38.130.53
 s3.yjjh                        A      112.91.23.138
 s3-bak.yjjh                    A      119.38.130.34
 s3-bak.yjjh                    A      221.5.43.153
 s3-m1.yjjh                     A      221.5.43.153
 s4.yjjh                        A      112.91.23.138
 s4-bak.yjjh                    A      221.5.43.153
 s4-bak.yjjh                    A      119.38.130.34
 s4-m1.yjjh                     A      221.5.43.153
 s5.yjjh                        A      112.91.23.138
 s5-bak.yjjh                    A      112.91.18.97
 s5-m1.yjjh                     A      112.91.18.97
 s5-m2.yjjh                     A      112.91.18.109
 s1.yjxy                        A      163.177.176.29
 s1.yxwz                        A      112.90.19.33
 s1-1.yxwz                      A      112.90.19.34
 s2.yxwz                        A      112.90.19.33
 s2-1.yxwz                      A      112.90.19.34
 s3.yxwz                        A      112.90.19.33
 s3-1.yxwz                      A      58.248.182.51
 s1.yxyz                        A      58.248.187.114
 s1-1.yxyz                      A      58.248.187.115
 s1-2.yxyz                      A      58.248.187.121
 s2.yxyz                        A      58.248.187.114
 s2-1.yxyz                      A      58.248.183.212
 s3.yxyz                        A      58.248.187.114
 s3-1.yxyz                      A      60.29.229.226
 s4.yxyz                        A      58.248.187.114
 s4-1.yxyz                      A      58.248.187.114
 s4-2.yxyz                      A      58.248.187.117
 s5.yxyz                        A      58.248.187.114
 s6.yxyz                        A      58.248.187.114
 s6-1.yxyz                      A      58.248.187.116
 s7.yxyz                        A      58.248.187.114
 zhangmen                       A      60.28.193.248
 zhiboedit                      A      60.29.226.180
 s1.zjcq                        A      112.90.179.216
 s2.zjcq                        A      112.90.179.216
 srv4001.zjcq                   A      112.90.181.119
 srv4002.zjcq                   A      112.90.181.211
 s1.zqjl                        A      124.248.32.227
 s2.zqjl                        A      124.248.32.233
 s1.zxy                         A      112.91.27.53
 s2.zxy                         A      112.91.27.53
 s3.zxy                         A      112.91.27.53
 s4.zxy                         A      112.91.27.53
 s5.zxy                         A      112.91.27.53
 s6.zxy                         A      112.91.27.53
 s7.zxy                         A      112.91.27.53
 s8.zxy                         A      112.91.27.53
 s9.zxy                         A      112.91.27.53
 s3.zzsf                        A      118.26.238.72

漏洞证明：

修复方案：

添加acl访问控制列表

版权声明：转载请注明来源你又不是她@乌云

漏洞回应

厂商回应：

危害等级：无影响厂商忽略

忽略时间：2014-02-27 11:21

厂商回复：

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-051148

漏洞标题：酷我音乐DNS域传送漏洞

相关厂商：酷我音乐

漏洞作者：你又不是她

提交时间：2014-02-17 11:20

修复时间：2014-02-27 11:21

公开时间：2014-02-27 11:21

漏洞类型：系统/服务运维配置不当

危害等级：低

自评Rank：5

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源你又不是她@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-051148

漏洞标题：酷我音乐DNS域传送漏洞

相关厂商：酷我音乐

漏洞作者： 你又不是她

提交时间：2014-02-17 11:20

修复时间：2014-02-27 11:21

公开时间：2014-02-27 11:21

漏洞类型：系统/服务运维配置不当

危害等级：低

自评Rank：5

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2014-051148"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 你又不是她@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：你又不是她

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源你又不是她@乌云