
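Vulnerability summary

Bug ID: wooyun-2015-0115690

Title: DNS zone transfer vulnerability at 赛尔校园先锋

Vendor: 赛尔校园先锋

Author: byteway

Submitted: 2015-05-25 11:40

Fixed: 2015-05-30 11:42

Disclosed: 2015-05-30 11:42

Vulnerability type: System/service operations misconfiguration

Severity: Medium

Self-assessed Rank: 10

Status: The vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help, contact [email protected]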



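Vulnerability details

Disclosure status:

2015-05-25: Details sent to the vendor; awaiting vendor response
2015-05-30: The vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

A DNS misconfiguration exposes some non-public domain names.

Detailed description:

0x00. A malicious user can use a DNS zone transfer to obtain every subdomain under the targeted domain. This exposes non-public domain names (test domains, internal domains). Hosts behind such internal names tend to be less secure and easier for an attacker to compromise; a typical example is an internal test machine, which often lacks the necessary security settings.
The misconfigured DNS server is: dns2.etone.edu.cn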


Proof of vulnerability:

shop.edu.cn. IN AXFR

Remediation:

Restrict allow-transfer with an ACL based on IP addresses or a key.
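
The remediation above, written out as an added example (not part of the original report and not the vendor's configuration). It assumes a BIND server, since allow-transfer is a BIND option; the zone name, addresses (RFC 5737 documentation range), ACL name, key name and file paths are constructed placeholders.

```conf
// ---- Weak setting (what makes the zone transferable by anyone) ----
// BIND releases of that period also behave this way when allow-transfer
// is simply left unset.
// zone "example.edu.cn" { type master; file "example.edu.cn.zone";
//                         allow-transfer { any; }; };

// ---- Primary (192.0.2.53, placeholder address) ----
acl "xfer-secondaries" { 192.0.2.54; };       // IP-based ACL: the only secondary

key "xfer-key" {                               // key-based ACL (TSIG)
    algorithm hmac-sha256;
    secret "REPLACE_WITH_GENERATED_SECRET";    // placeholder; generate with tsig-keygen
};

options {
    allow-transfer { none; };                  // default deny for every zone
};

zone "example.edu.cn" {
    type master;
    file "example.edu.cn.zone";
    allow-transfer { key "xfer-key"; };        // or { "xfer-secondaries"; } for IP only
};

// ---- Secondary (192.0.2.54, placeholder address) ----
// A secondary answers AXFR too, so it needs its own restriction.
// Its named.conf carries the same key "xfer-key" block, plus:
//
// server 192.0.2.53 { keys { "xfer-key"; }; };   // sign requests to the primary
// options { allow-transfer { none; }; };         // nobody transfers from here
// zone "example.edu.cn" {
//     type slave;
//     masters { 192.0.2.53; };
//     file "slaves/example.edu.cn.zone";
// };
```

An IP ACL alone depends on the source address of the request, while a TSIG key authenticates the request itself, so the key is the stronger of the two options the report names. Run named-checkconf before reloading to catch syntax errors.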

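Copyright notice: when reposting, please credit the source byteway@乌云


Vulnerability response

Vendor response:

Severity: No impact, ignored by vendor

Ignored at: 2015-05-30 11:42

Vendor reply:

Vulnerability Rank: 2 (WooYun assessment)

Latest status:

None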