至德迅通DNS域传送漏洞(影响大量企业管理系统)

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0111339

漏洞标题：至德迅通DNS域传送漏洞(影响大量企业管理系统)

漏洞作者：几何黑店

提交时间：2015-05-12 17:10

修复时间：2015-06-29 17:58

公开时间：2015-06-29 17:58

漏洞类型：应用配置错误

危害等级：中

自评Rank：10

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-05-12：细节已通知厂商并且等待厂商处理中
2015-05-15：厂商已经确认，细节仅向厂商公开
2015-05-25：细节向核心白帽子及相关领域专家公开
2015-06-04：细节向普通白帽子公开
2015-06-14：细节向实习白帽子公开
2015-06-29：细节向公众公开

简要描述：

至德迅通DNS域传送漏洞(影响大量企业管理系统)

详细说明：

digilinx.net.cn

> ls -d digilinx.net.cn > digilinx.net.cn.txt
[ns1.denvor.com]
#
已接收 351 记录 s。
> view digilinx.net.cn.txt
 *                              CNAME  www.digilinx.net
 136                            A      210.192.102.136
 138                            A      210.192.124.138
 141                            A      210.192.102.141
 3g-xa                          A      210.192.124.138
 5910                           A      210.192.124.138
 ahtc                           A      210.192.124.138
 alpas                          A      210.192.124.138
 ankang                         A      218.241.86.190
 ao-china                       A      203.130.33.71
 aosmith                        A      210.192.124.138
 asd                            A      203.130.33.71
 asdtest                        A      210.192.124.138
 auxgroup                       A      210.192.124.138
 baidi-test                     A      210.192.124.138
 baidi                          A      210.192.124.138
 beer-demo                      A      210.192.124.138
 beerjn                         A      210.192.124.138
 beifang                        A      210.192.124.138
 beingmate-all                  A      210.192.124.138
 beingmate-china                A      203.130.33.71
 beingmate-henan-test           A      210.192.124.138
 beingmate-jx                   A      210.192.124.138
 beingmate-qycs                 A      210.192.124.138
 beingmate-test                 A      210.192.124.138
 beingmate                      A      210.192.124.138
 binzhou                        A      210.192.124.138
 biostime-test                  A      210.192.124.138
 biostime                       A      203.130.33.71
 blueribbon-demo                A      210.192.124.138
 blueribbon                     A      210.192.124.138
 bohai-group                    A      210.192.124.138
 bosh                           A      210.192.124.138
 brightdairy-sd                 A      210.192.124.138
 bsh-demo-td                    A      203.130.33.71
 bsh-test                       A      203.130.33.71
 bshg-ama                       A      54.223.170.35
 bshg                           A      210.192.124.138
 bshgtracker                    A      210.192.102.133
 bshhh                          A      203.130.36.43
 bshhhh                         A      203.130.36.43
 bshwx                          A      54.223.170.35
 c-bons                         A      210.192.124.138
 carlsberg                      A      210.192.124.138
cestar                         A      210.192.124.138
changhongnb1                   A      211.100.30.184
chinabym                       A      210.192.102.133
chinafxt                       A      210.192.124.138
chunyuangroup                  A      210.192.124.138
cnc                            A      210.192.124.138
cnpc-xj                        A      210.192.124.138
coca-cola                      A      210.192.124.138
cocacola-telecom               A      210.192.124.138
cocacola-xianxml               A      210.192.124.138
cqfood                         A      210.192.124.138
cqty                           A      210.192.124.138
ct-tm                          A      218.241.86.190
czhl                           A      210.192.124.138
demo-uni                       A      210.192.124.138
digikh                         A      210.192.124.138
digilinx.net.cn.               A      210.192.102.136
digilinx.net.cn.               NS     ns1.denvor.com
digilinx.net.cn.               SOA    digilinx.net.cn ns1.denvor.com. (20150408
1 28800 28800 2419200 86400)
digilinx.net.cn.               SOA    digilinx.net.cn ns1.denvor.com. (20150408
1 28800 28800 2419200 86400)
digilinx.net.cn.               TXT             "digilinx.net.cn"
doublestar                     A      210.192.124.138
dpgj                           A      210.192.102.141
dqy-test                       A      210.192.124.138
dqy                            A      210.192.124.138
dubang                         A      210.192.124.138
dxjr                           A      203.130.33.71
dxys                           A      203.130.33.71
fengyuan                       A      210.192.124.138
fjc100                         A      210.192.124.138
fotile-cd                      A      210.192.124.138
fotile-group                   A      210.192.124.138
fotile-test                    A      210.192.124.138
fotile                         A      210.192.124.138
fuanna                         A      210.192.124.138
ginsber                        A      210.192.124.138
glsd-park                      A      210.192.124.138
glsd                           A      210.192.124.138
golddaio                       A      210.192.124.138
golddaiotest                   A      210.192.124.138
goldpartner-all                A      210.192.124.138
goldpartner-china              A      210.192.124.138
goldpartner                    A      210.192.124.138
goldpartnertest                A      210.192.124.138
gree-ah                        A      210.192.124.138
gree-hainan                    A      210.192.124.138
gree-sx                        A      210.192.124.138
gree                           A      210.192.124.138
guangming-sd-test              A      210.192.124.138
guangming-sd                   A      210.192.124.138
guangming-zs-dh                A      210.192.124.138
guangming-zs                   A      210.192.124.138
guangrang-test                 A      203.130.33.71
guangrang                      A      203.130.33.71
guanshengyuan-sh-test          A      210.192.124.138
guanshengyuan-sh               A      210.192.124.138
haier-china                    A      203.130.33.71
haier-moban                    A      203.130.33.71
hbhstj                         A      210.192.124.138
hek-test                       A      210.192.124.138
hek                            A      203.130.33.71
herp-test                      A      210.192.102.141
herp                           A      210.192.102.141
himin                          A      210.192.124.138
hljgs                          A      210.192.124.138
hnny                           A      203.130.33.71
hnnytest                       A      210.192.124.138
hongju                         A      210.192.124.138
houshengji                     A      210.192.124.138
hsufuchifoods                  A      210.192.124.138
huahuaniu-hn                   A      210.192.124.138
huahuaniu                      A      210.192.124.138
huaxin-test                    A      203.130.33.71
huaxin                         A      203.130.33.71
huiquan-test                   A      210.192.124.138
huiquan                        A      210.192.124.138
interdata                      A      210.192.124.138
ipad-menqing                   A      210.192.102.141
ipad-standards                 A      210.192.102.141
isss                           A      210.192.124.138
jiajiagroup                    A      210.192.124.138
jianzhu-ah                     A      203.130.33.71
jingpai                        A      210.192.124.138
jingsheng                      A      210.192.124.138
jinguan                        A      210.192.102.141
jinhemilk                      A      210.192.124.138
jinluo                         A      210.192.124.138
jld                            A      203.130.33.71
joyoung-china                  CNAME  141.digilinx.net.cn
joyoung-test                   A      210.192.102.141
joyoungpad                     A      210.192.102.141
jsw-hunan                      A      210.192.124.138
jttxl                          A      211.138.70.231
jule                           A      210.192.124.138
junlebaoruye                   A      210.192.124.138
kaidi-sw                       A      210.192.124.138
kedi                           A      210.192.124.138
kedifood-test                  A      210.192.124.138
kedifood                       A      210.192.124.138
kingwaybeer                    A      210.192.124.138
kx-demo                        A      210.192.124.138
kx-dxhc                        A      210.192.124.138
kx-dxsp                        A      210.192.124.138
kxmn-unicom                    A      210.192.124.138
landbond                       A      210.192.124.138
lanma                          A      210.192.124.138
lanpai-beer                    A      210.192.124.138
lenovo                         A      210.192.124.138
lenovotest                     A      210.192.124.138
linuo                          A      210.192.124.138
lishui                         A      210.192.124.138
liuliu                         A      210.192.124.138
liuliumei                      A      210.192.124.138
location                       A      210.192.124.138
luhua                          A      210.192.124.138
luowa                          A      210.192.124.138
mankattan                      A      210.192.124.138
mdt                            A      210.192.102.141
meiling-all                    A      203.130.33.71
meiling-china                  A      203.130.33.71
mengniu-bj                     A      210.192.124.138
mengniu-dg                     A      210.192.124.138
mengniu-dx                     A      210.192.124.138
mengniu-hf-test                A      210.192.124.138
mengniu-hf                     A      210.192.124.138
mengniu-hz-test                A      210.192.124.138
mengniu-hz                     A      210.192.124.138
mengniu-jining                 A      210.192.124.138
mengniu-jinxiang               A      210.192.124.138
mengniu-jn                     A      210.192.124.138
mengniu-linyi                  A      210.192.124.138
mengniu-mm                     A      210.192.124.138
mengniu-nj                     A      210.192.124.138
mengniu-tl                     A      210.192.124.138
mengniu-wh                     A      210.192.124.138
mengniu-xa                     A      210.192.124.138
mengniu-yutai                  A      210.192.124.138
mengniu-zz                     A      210.192.124.138
menqing                        A      210.192.102.141
midea-all                      A      203.130.33.71
midea-china                    A      203.130.33.71
midea-dls                      A      203.130.33.71
midea-hf                       A      203.130.33.71
midea-nj                       A      203.130.33.71
midea-px                       A      210.192.102.141
midea-web                      A      203.130.33.71
midea-wh                       A      203.130.33.71
mideapx                        A      121.199.60.127
mideaweb                       A      203.130.33.71
minsheng                       A      210.192.124.138
mlht                           A      210.192.124.138
mobile-qz                      A      210.192.124.138
msfi                           A      210.192.102.141
newhope                        A      218.241.86.190
newhopedairy                   A      210.192.124.138
nfrh                           A      210.192.124.138
nfrhtest                       A      210.192.124.138
nikon-sms                      A      210.192.102.136
ningxiahong                    A      210.192.124.138
nivea-test                     A      210.192.124.138
nivea                          A      210.192.124.138
nymc-fj                        A      210.192.124.138
nymc-test                      A      210.192.124.138
nymc                           A      210.192.124.138
oves                           CNAME  141.digilinx.net.cn
pepsi                          A      210.192.124.138
pic138                         A      210.192.124.138
picc                           A      210.192.124.138
proxy                          A      203.130.33.71
ptac                           A      210.192.124.138
ptacnew                        A      210.192.124.138
ptacopt                        A      210.192.102.133
ptactest                       A      210.192.124.138
px-all                         A      210.192.102.141
qhmobile                       A      210.192.124.138
qiaqia-jh                      A      210.192.124.138
qiaqia-jxs-test                A      210.192.124.138
qiaqia-jxs                     A      210.192.124.138
qiaqia-test                    A      210.192.124.138
qiaqia                         A      210.192.124.138
qingsong                       A      210.192.124.138
qp-jr                          A      210.192.124.138
report                         A      210.192.124.138
report1                        A      210.192.124.138
reportnew                      A      203.130.36.43
samunlisa                      A      210.192.124.138
sanli-jn                       A      210.192.124.138
sanli-test                     A      210.192.124.138
sanlu-wf                       A      210.192.124.138
sanquan-hn                     A      210.192.124.138
sanquan                        A      210.192.124.138
sanyo                          A      210.192.124.138
sanyoipad                      A      210.192.124.138
sanyoipadtest                  A      203.130.33.71
sanyotest                      A      210.192.124.138
scjohnson                      A      203.130.33.71
scunicom                       A      210.192.124.138
sdemo                          A      210.192.124.138
sdhsg                          A      210.192.124.138
sdluhua                        A      210.192.124.138
sdsm                           A      203.130.33.71
setino                         A      210.192.124.138
sh                             A      210.192.124.138
sharp-china                    A      210.192.102.141
sharp-mobile-new               A      210.192.124.138
sharp-mobile                   A      210.192.102.133
sharp-new-test                 A      210.192.102.141
sharp-test                     A      210.192.102.141
sharp                          A      210.192.102.133
sharp1                         A      210.192.102.133
sharpipad                      A      210.192.102.133
shuanghui-yt                   A      210.192.124.138
shuanghui                      A      210.192.124.138
supor-demo                     A      210.192.124.138
supor-new                      A      210.192.124.138
suzlon                         A      210.192.102.141
sxfx                           A      218.241.86.190
symc                           A      210.192.124.138
taizinai-hn                    A      210.192.124.138
tangrenshen                    A      210.192.124.138
tel3g                          A      210.192.124.138
telec-standards                CNAME  141.digilinx.net.cn
telecom-ah                     A      203.130.33.71
telecom-gs                     A      210.192.124.138
telecom-jiadian                A      210.192.124.138
telecom-jixie                  A      210.192.124.138
telecom-kuaixiao               A      210.192.124.138
telecom-kx                     A      210.192.124.138
testnew                        A      211.100.30.184
tfwz-test                      A      203.130.33.71
tfwz                           A      203.130.33.71
tianqi                         A      210.192.124.138
tianyoudairy                   A      210.192.124.138
tongf                          A      210.192.102.141
trinity                        A      210.192.124.138
tsingtao-test                  A      210.192.124.138
tsingtao                       A      210.192.124.138
tsk                            A      210.192.124.138
unicom-bsh                     A      210.192.124.138
unicom-hn                      A      210.192.124.138
unicom-kx                      A      210.192.124.138
unicom-rp                      A      210.192.124.138
unicom-vsens                   A      210.192.124.138
unicom-vsenstest               A      210.192.102.144
update                         A      203.130.36.43
update1                        A      123.103.15.150
update2                        A      203.130.33.71
update3                        A      210.192.102.144
update4                        A      210.192.124.138
updatenew                      A      180.153.28.163
vsens-partner                  A      210.192.124.138
vsenspartner-test              A      210.192.124.138
vsenspartner                   A      210.192.124.138
wahaha-ah                      A      203.130.33.71
wahaha-ahtest                  A      210.192.124.138
wahaha-china                   A      210.192.102.141
wahaha-demo                    A      210.192.102.141
wahaha-wf                      A      210.192.124.138
wahaha-wn                      A      203.130.33.71
wahaha-wntest                  A      203.130.33.71
wahaha-xian                    A      210.192.124.138
wahaha                         A      210.192.102.141
walch                          A      210.192.124.138
wapdl                          A      210.192.124.138
weigang-nt                     A      210.192.124.138
whirlpool                      A      210.192.124.138
wp                             A      210.192.102.136
wst-standards                  A      210.192.102.141
whirlpool                      A      210.192.124.138
wp                             A      210.192.102.136
wst-standards                  A      210.192.102.141
wusanyo                        A      210.192.102.136
www                            A      210.192.102.136
xiajin                         A      210.192.124.138
xibeile                        A      210.192.124.138
y-rong                         A      210.192.124.138
yanchang                       A      210.192.124.138
yanjing                        A      210.192.124.138
ybsl                           A      210.192.124.138
ydhc                           A      210.192.124.138
yhx                            A      210.192.124.138
yili-cd                        A      210.192.124.138
yili-db                        A      210.192.124.138
yili-demo                      A      210.192.124.138
yili-hd                        A      210.192.124.138
yili-hn                        A      210.192.124.138
yili-jj                        A      210.192.124.138
yili-lh                        A      210.192.124.138
yili-ln                        A      210.192.124.138
yili-ly                        A      210.192.124.138
yili-lz                        A      210.192.124.138
yili-mg                        A      210.192.124.138
yili-sd                        A      210.192.124.138
yili-sl                        A      210.192.124.138
yili-test                      A      210.192.124.138
yili-xb-drink                  A      210.192.124.138
yili-xb                        A      210.192.124.138
yilixb-milk                    A      210.192.124.138
yiliynxn                       A      210.192.124.138
yinger                         A      210.192.124.138
yinlu-china                    A      210.192.102.141
yinlu-test                     A      210.192.102.141
yinlu                          A      210.192.124.138
yinqiao-milk                   A      210.192.124.138
yinqiao-xa                     A      210.192.124.138
yinqiao                        A      210.192.124.138
yiyang-jy                      A      210.192.124.138
yj-cf                          A      210.192.124.138
zhisheng                       A      210.192.124.138
zungui                         A      210.192.124.138

漏洞证明：

修复方案：

你懂的

版权声明：转载请注明来源几何黑店@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：10

确认时间：2015-05-15 17:57

厂商回复：

CNVD未直接复现所述情况，已经由CNVD通过网站公开联系方式向软件生产厂商通报。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0111339

漏洞标题：至德迅通DNS域传送漏洞(影响大量企业管理系统)

相关厂商：至德迅通

漏洞作者：几何黑店

提交时间：2015-05-12 17:10

修复时间：2015-06-29 17:58

公开时间：2015-06-29 17:58

漏洞类型：应用配置错误

危害等级：中

自评Rank：10

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源几何黑店@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0111339

漏洞标题：至德迅通DNS域传送漏洞(影响大量企业管理系统)

相关厂商：至德迅通

漏洞作者： 几何黑店

提交时间：2015-05-12 17:10

修复时间：2015-06-29 17:58

公开时间：2015-06-29 17:58

漏洞类型：应用配置错误

危害等级：中

自评Rank：10

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0111339"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 几何黑店@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：几何黑店

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源几何黑店@乌云