当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-081993

漏洞标题:中粮集团DNS域传送漏洞

相关厂商:中粮集团有限公司

漏洞作者: c0nt

提交时间:2014-11-04 17:17

修复时间:2014-11-09 17:18

公开时间:2014-11-09 17:18

漏洞类型:重要敏感信息泄露

危害等级:中

自评Rank:5

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2014-11-04: 细节已通知厂商并且等待厂商处理中
2014-11-09: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

详细说明:

域传送一枚
Trying Zone Transfer for cofco.com on bj-ns-04.cofco.com ...
cofco.com 3600 IN SOA
cofco.com 3600 IN NS
cofco.com 3600 IN NS
cofco.com 3600 IN NS
cofco.com 3600 IN NS
cofco.com 3600 IN MX
360rating.cofco.com 3600 IN A 152.5.125.110
506bpm.cofco.com 3600 IN A 10.6.5.18
506crm.cofco.com 3600 IN A 152.5.88.107
506CSC.cofco.com 3600 IN A 219.146.64.6
506dms.cofco.com 3600 IN A 10.6.5.93
506IMS.cofco.com 3600 IN A 10.6.5.100
506mcm.cofco.com 3600 IN A 10.6.5.76
506pingjia.cofco.com 3600 IN A 10.6.5.23
506pts.cofco.com 3600 IN A 10.6.5.89
506srm.cofco.com 3600 IN A 10.6.5.87
506WGM.cofco.com 3600 IN A 10.6.5.112
506wos.cofco.com 3600 IN A 10.6.5.94
606app.cofco.com 3600 IN A 10.6.130.12
606app02.cofco.com 3600 IN A 10.6.10.111
606app03.cofco.com 3600 IN A 10.6.10.140
606apptest.cofco.com 3600 IN A 10.6.10.110
_autodiscover._tcp.cofco.com 3600 IN SRV
_sipfederationtls._tcp.cofco.com 3600 IN SRV
_sip._tls.cofco.com 3600 IN SRV
an.cofco.com 3600 IN A 10.6.28.16
arms.cofco.com 3600 IN A 106.37.237.214
audit.cofco.com 3600 IN A 10.6.57.91
bcbe.cofco.com 3600 IN A 152.5.90.205
bcbebi.cofco.com 3600 IN A 10.6.9.16
bcbefk.cofco.com 3600 IN A 10.6.9.4
bchome.cofco.com 3600 IN A 10.6.9.11
bcoa.cofco.com 3600 IN A 10.6.9.12
behome.cofco.com 3600 IN A 10.6.9.20
beoa.cofco.com 3600 IN A 10.6.9.21
BI.cofco.com 3600 IN A 10.6.128.51
bimob.cofco.com 3600 IN A 10.6.128.50
bj-ns-01.cofco.com 3600 IN A 10.6.128.116
bj-ns-02.cofco.com 3600 IN A 152.5.4.22
bj-ns-03.cofco.com 3600 IN A 10.6.128.116
bj-ns-04.cofco.com 3600 IN A 152.5.4.22
c3.cofco.com 3600 IN A 106.37.237.211
c606it01.cofco.com 3600 IN A 10.6.10.152
ca.cofco.com 3600 IN A 10.6.2.201
careers.cofco.com 3600 IN A 152.5.90.207
ccba.cofco.com 3600 IN A 10.6.2.210
chatpool.cofco.com 3600 IN A 10.6.128.23
chengxin.cofco.com 3600 IN A 152.5.90.207
cofcomag.cofco.com 3600 IN A 10.6.128.5
course.cofco.com 3600 IN A 152.5.90.62
crm.cofco.com 3600 IN A 152.5.125.23
dmbi.cofco.com 3600 IN A 10.6.130.202
dmcrm.cofco.com 3600 IN A 10.6.130.201
dmcrmtest.cofco.com 3600 IN A 10.6.130.203
dmgp.cofco.com 3600 IN A 10.6.10.138
dmll.cofco.com 3600 IN A 10.6.10.145
dmoa.cofco.com 3600 IN A 10.6.130.204
dmoatest.cofco.com 3600 IN A 10.6.130.205
dmoatest01.cofco.com 3600 IN A 10.6.130.206
dmoo.cofco.com 3600 IN A 10.6.10.144
dmpurchase.cofco.com 3600 IN A 10.6.10.169
e-learning.cofco.com 3600 IN A 152.5.90.63
edgepool.cofco.com 3600 IN A 10.6.128.23
ehr.cofco.com 3600 IN A 10.6.57.66
3g.ehr.cofco.com 3600 IN A 10.6.57.66
ehrtest.cofco.com 3600 IN A 152.5.125.110
elife.cofco.com 3600 IN A 10.6.128.50
EV.cofco.com 3600 IN A 10.6.59.95
expo2010.cofco.com 3600 IN A 152.5.125.41
ez6s.cofco.com 3600 IN A 152.5.125.50
finance.cofco.com 3600 IN A 10.8.29.5
fms.cofco.com 3600 IN A 152.5.90.205
fmsdata.cofco.com 3600 IN A 152.5.90.55
futures.cofco.com 3600 IN A 10.6.8.19
gate.cofco.com 3600 IN A 152.5.90.51
gate.cofco.com 3600 IN MX
gloria.cofco.com 3600 IN A 121.199.69.87
gwsales.cofco.com 3600 IN A 10.6.4.107
haoshiku.cofco.com 3600 IN CNAME
healthclub.cofco.com 3600 IN CNAME
healthclubapi.cofco.com 3600 IN A 10.6.0.50
home.cofco.com 3600 IN A 10.6.128.25
hotel.cofco.com 3600 IN A 10.6.12.22
hrtest.cofco.com 3600 IN A 124.117.242.177
huihuang60.cofco.com 3600 IN A 152.5.90.207
i-rice.cofco.com 3600 IN MX
mail.i-rice.cofco.com 3600 IN CNAME
idea.cofco.com 3600 IN A 106.37.237.213
ihome.cofco.com 3600 IN A 10.6.128.25
im.cofco.com 3600 IN A 111.207.82.72
imeeting.cofco.com 3600 IN A 10.6.128.53
info.cofco.com 3600 IN A 152.5.125.110
InfoCollect.cofco.com 3600 IN A 10.6.57.124
innofair.cofco.com 3600 IN A 106.37.237.213
ipms.cofco.com 3600 IN A 106.37.237.215
itunhe.cofco.com 3600 IN A 124.117.242.177
itunhemail.cofco.com 3600 IN A 124.117.242.177
itunheoa.cofco.com 3600 IN A 124.117.242.177
iufo.cofco.com 3600 IN A 10.6.2.102
jc.cofco.com 3600 IN A 10.6.128.50
joycitycrmws.cofco.com 3600 IN A 10.6.131.2
km.cofco.com 3600 IN A 10.6.4.100
kmtest.cofco.com 3600 IN A 10.6.4.103
lanxin.cofco.com 3600 IN A 10.6.128.60
leader.cofco.com 3600 IN A 10.6.2.199
live.cofco.com 3600 IN A 10.6.57.169
lync.cofco.com 3600 IN A 10.6.128.23
lync-owa01.cofco.com 3600 IN A 10.6.57.163
lyncdiscover.cofco.com 3600 IN A 10.6.57.160
m.cofco.com 3600 IN A 10.6.128.53
mail.cofco.com 3600 IN A 10.6.61.88
mail2.cofco.com 3600 IN A 152.5.90.205
mail2k7.cofco.com 3600 IN A 10.6.61.88
md.cofco.com 3600 IN A 10.6.128.140
mdm.cofco.com 3600 IN A 10.6.128.11
media.cofco.com 3600 IN A 152.5.90.207
media1.cofco.com 3600 IN A 152.5.90.207
mediationpool.cofco.com 3600 IN A 10.6.128.23
mx1.cofco.com 3600 IN A 152.5.4.5
nc.cofco.com 3600 IN A 10.6.2.107
newkm.cofco.com 3600 IN A 106.37.237.210
nhribpm.cofco.com 3600 IN A 106.37.237.216
nhrisocial.cofco.com 3600 IN A 10.6.4.105
nw.cofco.com 3600 IN A 207.46.128.18
oil.cofco.com 3600 IN A 10.6.5.23
outspam.cofco.com 3600 IN A 10.6.128.22
plm.cofco.com 3600 IN A 106.37.237.217
plmpre.cofco.com 3600 IN A 106.37.237.218
pool.cofco.com 3600 IN A 10.6.57.160
prms.cofco.com 3600 IN A 10.6.57.53
property.cofco.com 3600 IN A 113.105.85.6
propertyinfo.cofco.com 3600 IN A 113.105.85.6
propertymail.cofco.com 3600 IN A 113.105.85.6
propertyoa.cofco.com 3600 IN A 113.105.85.6
propertyoa-test.cofco.com 3600 IN A 113.105.85.6
propertyoa1.cofco.com 3600 IN A 113.105.85.6
propertysm.cofco.com 3600 IN A 113.105.85.6
pwd.cofco.com 3600 IN A 10.6.57.62
qhselearning.cofco.com 3600 IN A 10.6.128.58
qscd.cofco.com 3600 IN A 10.6.57.42
qywh.cofco.com 3600 IN A 10.6.0.55
rating.cofco.com 3600 IN A 152.5.125.23
recruit.cofco.com 3600 IN A 152.5.125.23
report.cofco.com 3600 IN A 152.5.125.3
RTX.cofco.com 3600 IN A 10.6.128.131
rtxmetting.cofco.com 3600 IN A 10.6.128.132
rtxmobile.cofco.com 3600 IN A 10.6.128.133
SCRM.cofco.com 3600 IN A 10.6.57.124
sdc.cofco.com 3600 IN A 10.6.0.47
sentry.cofco.com 3600 IN A 10.6.128.26
sip.cofco.com 3600 IN A 10.6.128.23
spam.cofco.com 3600 IN A 152.5.4.5
sslvpn.cofco.com 3600 IN A 10.6.128.6
survey.cofco.com 3600 IN A 10.6.57.97
svnnhri.cofco.com 3600 IN A 10.6.4.113
tg.cofco.com 3600 IN A 152.5.176.42
th_webapp1.cofco.com 3600 IN A 124.117.242.177
thrd.cofco.com 3600 IN A 124.117.242.183
tomato.cofco.com 3600 IN MX
tunhemoss.cofco.com 3600 IN A 124.117.242.177
tunheoa.cofco.com 3600 IN A 152.5.125.33
tunheoai.cofco.com 3600 IN A 124.117.242.177
tunhetask.cofco.com 3600 IN A 124.117.242.177
vhome.cofco.com 3600 IN A 152.5.4.11
vip.cofco.com 3600 IN A 42.120.40.73
voc.cofco.com 3600 IN A 106.37.237.212
wangpan.cofco.com 3600 IN A 10.6.58.110
wine.cofco.com 3600 IN MX
www.cofco.com 3600 IN A 10.6.128.2
www1.cofco.com 3600 IN A 10.6.0.46
ytsales.cofco.com 3600 IN A 152.5.90.131
zlh.cofco.com 3600 IN A 115.28.237.201
zlrs.cofco.com 3600 IN A 10.6.36.1
zlwd.cofco.com 3600 IN A 219.238.239.158
Unable to obtain Server Version for bj-ns-04.cofco.com : query timed out
Trying Zone Transfer for cofco.com on bj-ns-02.cofco.com ...
cofco.com 3600 IN SOA
cofco.com 3600 IN NS
cofco.com 3600 IN NS
cofco.com 3600 IN NS
cofco.com 3600 IN NS
cofco.com 3600 IN MX
360rating.cofco.com 3600 IN A 152.5.125.110
506bpm.cofco.com 3600 IN A 10.6.5.18
506crm.cofco.com 3600 IN A 152.5.88.107
506CSC.cofco.com 3600 IN A 219.146.64.6
506dms.cofco.com 3600 IN A 10.6.5.93
506IMS.cofco.com 3600 IN A 10.6.5.100
506mcm.cofco.com 3600 IN A 10.6.5.76
506pingjia.cofco.com 3600 IN A 10.6.5.23
506pts.cofco.com 3600 IN A 10.6.5.89
506srm.cofco.com 3600 IN A 10.6.5.87
506WGM.cofco.com 3600 IN A 10.6.5.112
506wos.cofco.com 3600 IN A 10.6.5.94
606app.cofco.com 3600 IN A 10.6.130.12
606app02.cofco.com 3600 IN A 10.6.10.111
606app03.cofco.com 3600 IN A 10.6.10.140
606apptest.cofco.com 3600 IN A 10.6.10.110
_autodiscover._tcp.cofco.com 3600 IN SRV
_sipfederationtls._tcp.cofco.com 3600 IN SRV
_sip._tls.cofco.com 3600 IN SRV
an.cofco.com 3600 IN A 10.6.28.16
arms.cofco.com 3600 IN A 106.37.237.214
audit.cofco.com 3600 IN A 10.6.57.91
bcbe.cofco.com 3600 IN A 152.5.90.205
bcbebi.cofco.com 3600 IN A 10.6.9.16
bcbefk.cofco.com 3600 IN A 10.6.9.4
bchome.cofco.com 3600 IN A 10.6.9.11
bcoa.cofco.com 3600 IN A 10.6.9.12
behome.cofco.com 3600 IN A 10.6.9.20
beoa.cofco.com 3600 IN A 10.6.9.21
BI.cofco.com 3600 IN A 10.6.128.51
bimob.cofco.com 3600 IN A 10.6.128.50
bj-ns-01.cofco.com 3600 IN A 10.6.128.116
bj-ns-02.cofco.com 3600 IN A 152.5.4.22
bj-ns-03.cofco.com 3600 IN A 10.6.128.116
bj-ns-04.cofco.com 3600 IN A 152.5.4.22
c3.cofco.com 3600 IN A 106.37.237.211
c606it01.cofco.com 3600 IN A 10.6.10.152
ca.cofco.com 3600 IN A 10.6.2.201
careers.cofco.com 3600 IN A 152.5.90.207
ccba.cofco.com 3600 IN A 10.6.2.210
chatpool.cofco.com 3600 IN A 10.6.128.23
chengxin.cofco.com 3600 IN A 152.5.90.207
cofcomag.cofco.com 3600 IN A 10.6.128.5
course.cofco.com 3600 IN A 152.5.90.62
crm.cofco.com 3600 IN A 152.5.125.23
dmbi.cofco.com 3600 IN A 10.6.130.202
dmcrm.cofco.com 3600 IN A 10.6.130.201
dmcrmtest.cofco.com 3600 IN A 10.6.130.203
dmgp.cofco.com 3600 IN A 10.6.10.138
dmll.cofco.com 3600 IN A 10.6.10.145
dmoa.cofco.com 3600 IN A 10.6.130.204
dmoatest.cofco.com 3600 IN A 10.6.130.205
dmoatest01.cofco.com 3600 IN A 10.6.130.206
dmoo.cofco.com 3600 IN A 10.6.10.144
dmpurchase.cofco.com 3600 IN A 10.6.10.169
e-learning.cofco.com 3600 IN A 152.5.90.63
edgepool.cofco.com 3600 IN A 10.6.128.23
ehr.cofco.com 3600 IN A 10.6.57.66
3g.ehr.cofco.com 3600 IN A 10.6.57.66
ehrtest.cofco.com 3600 IN A 152.5.125.110
elife.cofco.com 3600 IN A 10.6.128.50
EV.cofco.com 3600 IN A 10.6.59.95
expo2010.cofco.com 3600 IN A 152.5.125.41
ez6s.cofco.com 3600 IN A 152.5.125.50
finance.cofco.com 3600 IN A 10.8.29.5
fms.cofco.com 3600 IN A 152.5.90.205
fmsdata.cofco.com 3600 IN A 152.5.90.55
futures.cofco.com 3600 IN A 10.6.8.19
gate.cofco.com 3600 IN A 152.5.90.51
gate.cofco.com 3600 IN MX
gloria.cofco.com 3600 IN A 121.199.69.87
gwsales.cofco.com 3600 IN A 10.6.4.107
haoshiku.cofco.com 3600 IN CNAME
healthclub.cofco.com 3600 IN CNAME
healthclubapi.cofco.com 3600 IN A 10.6.0.50
home.cofco.com 3600 IN A 10.6.128.25
hotel.cofco.com 3600 IN A 10.6.12.22
hrtest.cofco.com 3600 IN A 124.117.242.177
huihuang60.cofco.com 3600 IN A 152.5.90.207
i-rice.cofco.com 3600 IN MX
mail.i-rice.cofco.com 3600 IN CNAME
idea.cofco.com 3600 IN A 106.37.237.213
ihome.cofco.com 3600 IN A 10.6.128.25
im.cofco.com 3600 IN A 111.207.82.72
imeeting.cofco.com 3600 IN A 10.6.128.53
info.cofco.com 3600 IN A 152.5.125.110
InfoCollect.cofco.com 3600 IN A 10.6.57.124
innofair.cofco.com 3600 IN A 106.37.237.213
ipms.cofco.com 3600 IN A 106.37.237.215
itunhe.cofco.com 3600 IN A 124.117.242.177
itunhemail.cofco.com 3600 IN A 124.117.242.177
itunheoa.cofco.com 3600 IN A 124.117.242.177
iufo.cofco.com 3600 IN A 10.6.2.102
jc.cofco.com 3600 IN A 10.6.128.50
joycitycrmws.cofco.com 3600 IN A 10.6.131.2
km.cofco.com 3600 IN A 10.6.4.100
kmtest.cofco.com 3600 IN A 10.6.4.103
lanxin.cofco.com 3600 IN A 10.6.128.60
leader.cofco.com 3600 IN A 10.6.2.199
live.cofco.com 3600 IN A 10.6.57.169
lync.cofco.com 3600 IN A 10.6.128.23
lync-owa01.cofco.com 3600 IN A 10.6.57.163
lyncdiscover.cofco.com 3600 IN A 10.6.57.160
m.cofco.com 3600 IN A 10.6.128.53
mail.cofco.com 3600 IN A 10.6.61.88
mail2.cofco.com 3600 IN A 152.5.90.205
mail2k7.cofco.com 3600 IN A 10.6.61.88
md.cofco.com 3600 IN A 10.6.128.140
mdm.cofco.com 3600 IN A 10.6.128.11
media.cofco.com 3600 IN A 152.5.90.207
media1.cofco.com 3600 IN A 152.5.90.207
mediationpool.cofco.com 3600 IN A 10.6.128.23
mx1.cofco.com 3600 IN A 152.5.4.5
nc.cofco.com 3600 IN A 10.6.2.107
newkm.cofco.com 3600 IN A 106.37.237.210
nhribpm.cofco.com 3600 IN A 106.37.237.216
nhrisocial.cofco.com 3600 IN A 10.6.4.105
nw.cofco.com 3600 IN A 207.46.128.18
oil.cofco.com 3600 IN A 10.6.5.23
outspam.cofco.com 3600 IN A 10.6.128.22
plm.cofco.com 3600 IN A 106.37.237.217
plmpre.cofco.com 3600 IN A 106.37.237.218
pool.cofco.com 3600 IN A 10.6.57.160
prms.cofco.com 3600 IN A 10.6.57.53
property.cofco.com 3600 IN A 113.105.85.6
propertyinfo.cofco.com 3600 IN A 113.105.85.6
propertymail.cofco.com 3600 IN A 113.105.85.6
propertyoa.cofco.com 3600 IN A 113.105.85.6
propertyoa-test.cofco.com 3600 IN A 113.105.85.6
propertyoa1.cofco.com 3600 IN A 113.105.85.6
propertysm.cofco.com 3600 IN A 113.105.85.6
pwd.cofco.com 3600 IN A 10.6.57.62
qhselearning.cofco.com 3600 IN A 10.6.128.58
qscd.cofco.com 3600 IN A 10.6.57.42
qywh.cofco.com 3600 IN A 10.6.0.55
rating.cofco.com 3600 IN A 152.5.125.23
recruit.cofco.com 3600 IN A 152.5.125.23
report.cofco.com 3600 IN A 152.5.125.3
RTX.cofco.com 3600 IN A 10.6.128.131
rtxmetting.cofco.com 3600 IN A 10.6.128.132
rtxmobile.cofco.com 3600 IN A 10.6.128.133
SCRM.cofco.com 3600 IN A 10.6.57.124
sdc.cofco.com 3600 IN A 10.6.0.47
sentry.cofco.com 3600 IN A 10.6.128.26
sip.cofco.com 3600 IN A 10.6.128.23
spam.cofco.com 3600 IN A 152.5.4.5
sslvpn.cofco.com 3600 IN A 10.6.128.6
survey.cofco.com 3600 IN A 10.6.57.97
svnnhri.cofco.com 3600 IN A 10.6.4.113
tg.cofco.com 3600 IN A 152.5.176.42
th_webapp1.cofco.com 3600 IN A 124.117.242.177
thrd.cofco.com 3600 IN A 124.117.242.183
tomato.cofco.com 3600 IN MX
tunhemoss.cofco.com 3600 IN A 124.117.242.177
tunheoa.cofco.com 3600 IN A 152.5.125.33
tunheoai.cofco.com 3600 IN A 124.117.242.177
tunhetask.cofco.com 3600 IN A 124.117.242.177
vhome.cofco.com 3600 IN A 152.5.4.11
vip.cofco.com 3600 IN A 42.120.40.73
voc.cofco.com 3600 IN A 106.37.237.212
wangpan.cofco.com 3600 IN A 10.6.58.110
wine.cofco.com 3600 IN MX
www.cofco.com 3600 IN A 10.6.128.2
www1.cofco.com 3600 IN A 10.6.0.46
ytsales.cofco.com 3600 IN A 152.5.90.131
zlh.cofco.com 3600 IN A 115.28.237.201
zlrs.cofco.com 3600 IN A 10.6.36.1
zlwd.cofco.com 3600 IN A 219.238.239.158
Unable to obtain Server Version for bj-ns-02.cofco.com : query timed out
Wildcards detected, all subdomains will point to the same IP address, bye.
root@bt:/pentest/enumeration/dns/dnsenum#

QQ截图20141104154729.jpg

漏洞证明:

QQ截图20141104154729.jpg

修复方案:

版权声明:转载请注明来源 c0nt@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2014-11-09 17:18

厂商回复:

最新状态:

暂无