
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-096309

Title: Taiwan's Flying Camel (aircamel.com.tw) e-commerce mall allows DNS zone transfers, leaking a large number of domain name mappings

Related vendor: Hitcon Taiwan Internet Vulnerability Reporting Platform

Author: 路人甲

Submitted: 2015-02-11 11:40

Fix deadline: 2015-03-28 11:40

Public disclosure: 2015-03-28 11:40

Vulnerability type: improper system/service operations configuration

Severity: Medium

Self-assessed Rank: 10

Status: handed over to a third-party partner organisation (Hitcon Taiwan Internet Vulnerability Reporting Platform) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags:

Bookmarked by 4 users


Vulnerability details

Disclosure status:

2015-02-11: details sent to the vendor; awaiting vendor action
2015-02-15: vendor confirmed; details visible to the vendor only
2015-02-25: details disclosed to core white hats and domain experts
2015-03-07: details disclosed to regular white hats
2015-03-17: details disclosed to intern white hats
2015-03-28: details disclosed to the public

Brief description:

Number of stores: 15193
Number of products: 1451658

Detailed description:

1. Address:
http://www.aircamel.com.tw/
2. Homepage:

(screenshot of the homepage: 34B7346C-A540-4099-A3B8-FEB962065619.png)


3. Leaked domain name mappings (full zone transfer, AXFR, answered by ns2.aircamel.com.tw):

; <<>> DiG 9.8.3-P1 <<>> @ns2.aircamel.com.tw. axfr aircamel.com.tw
; (1 server found)
;; global options: +cmd
aircamel.com.tw. 2592000 IN SOA ns.aircamel.com.tw. root.aircamel.com.tw. 2014010901 38400 10800 604800 38400
aircamel.com.tw. 2592000 IN NS ns.aircamel.com.tw.
aircamel.com.tw. 2592000 IN NS ns2.aircamel.com.tw.
aircamel.com.tw. 2592000 IN A 61.31.237.1
aircamel.com.tw. 2592000 IN MX 10 mail.aircamel.com.tw.
aircamel.com.tw. 2592000 IN MX 20 mail2.aircamel.com.tw.
aircamel.com.tw. 2592000 IN MX 30 edm.aircamel.com.tw.
aircamel.com.tw. 2592000 IN TXT "v=spf1 a mx ~all"
aircamel.com.tw. 2592000 IN TXT "v=spf1 a mx include:aircamel.com.tw include:aircamel.com.tw ~all"
*.aircamel.com.tw. 2592000 IN A 61.31.237.1
17240game.aircamel.com.tw. 2592000 IN CNAME www.17240game.com.
_domainkey.aircamel.com.tw. 2592000 IN TXT "t=y"
default._domainkey.aircamel.com.tw. 2592000 IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDClgINATEtOfSohQM+0h0tOIvX/LcST4zc/FgEFnnJD/Q4xSWOCqhoZ6GG9Ocn903t8aPE7jW7wiMkNSG2wmbU1WEmlVTfEDZUuXg0bazUttv0gXSmwk/NQTNb+HUMNJIzIi56y/2LCrXSyuO6zSQI0wPHhQZ359dBJkLfX9mmmwIDAQAB"
edmdkim._domainkey.aircamel.com.tw. 2592000 IN TXT "v=DKIM1\; r=postmaster\; g=*\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCoa9AONxfXkZz1/H32tld+mTzabQ4Mf/xIqVcy7Miy4HUIBKhKe5FOAJwBlpPv+hQDH0M7IcJr/Lz55fPARdqBF/LgdWuKBoFLVPtITkChukqqsahpim0cr8bQamqvbWPpbviKDpL0aZz1zR17RQxkY2fPxZbpOSfpyU6W073SQIDAQAB"
key1._domainkey.aircamel.com.tw. 2592000 IN TXT "v=DKIM1\; g=*\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNDGOY+OrRFnJUTkCiTmRDy/W4FO97HPYqmKUcTrfEGiIgr6tad5liuz3VFgEDRABN3DwwsUC38fI0wXN+qPm6Emycr1nGThiAiZQftrN2WsCeDkjAQUH30tALLMdLfQPEaXCwqFgfuKkpcB5maQ4zy5kM948ODhWK9+TDj0vRPwIDAQAB"
mail._domainkey.aircamel.com.tw. 2592000 IN TXT "g=\; k=rsa\; t=y\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcX47OKrRherQy1yzaE6Zjnw0+GNzMertRjNVmgvqmbtky07XCkSeTQh6T8N0mwQG70k8wNxlRwuacsSsyRDnawR7/NhaPmamBgojRn81fRSQCA8YKRoCtg+YVY31jZT/g+5VFuEM1Ty7a/oGhM+9yMqe/qX5N7+mOVt6TDhYXHQIDAQAB"
api.aircamel.com.tw. 2592000 IN A 61.31.237.4
cn.aircamel.com.tw. 2592000 IN A 61.31.237.17
*.cn.aircamel.com.tw. 2592000 IN A 61.31.237.17
cndev.aircamel.com.tw. 2592000 IN A 61.31.237.97
*.cndev.aircamel.com.tw. 2592000 IN A 61.31.237.97
www.cndev.aircamel.com.tw. 2592000 IN A 61.31.237.97
cnstable.aircamel.com.tw. 2592000 IN A 61.31.237.19
*.cnstable.aircamel.com.tw. 2592000 IN A 61.31.237.19
www.cnstable.aircamel.com.tw. 2592000 IN A 61.31.237.19
dev.aircamel.com.tw. 2592000 IN A 61.31.237.97
*.dev.aircamel.com.tw. 2592000 IN A 61.31.237.97
www.dev.aircamel.com.tw. 2592000 IN A 61.31.237.97
edm.aircamel.com.tw. 2592000 IN TXT "v=spf1 a -all"
edm.aircamel.com.tw. 2592000 IN A 61.31.237.35
event.aircamel.com.tw. 2592000 IN A 61.31.237.5
forum.aircamel.com.tw. 2592000 IN A 61.31.237.1
goods.aircamel.com.tw. 2592000 IN A 61.31.237.1
idolstar.aircamel.com.tw. 2592000 IN A 61.31.237.5
img.aircamel.com.tw. 2592000 IN A 61.31.237.3
mail.aircamel.com.tw. 2592000 IN TXT "v=spf1 a -all"
mail.aircamel.com.tw. 2592000 IN TXT "v=spf1 ip4:202.153.188.11/32 ~all"
mail.aircamel.com.tw. 2592000 IN A 61.31.237.31
mail2.aircamel.com.tw. 2592000 IN TXT "v=spf1 a -all"
mail2.aircamel.com.tw. 2592000 IN A 61.31.237.241
member.aircamel.com.tw. 2592000 IN A 61.31.237.1
ns.aircamel.com.tw. 2592000 IN A 61.31.237.31
ns2.aircamel.com.tw. 2592000 IN A 61.31.237.32
payment.aircamel.com.tw. 2592000 IN A 61.31.237.40
shipment.aircamel.com.tw. 2592000 IN A 61.31.237.40
stable.aircamel.com.tw. 2592000 IN A 61.31.237.19
*.stable.aircamel.com.tw. 2592000 IN A 61.31.237.19
www.stable.aircamel.com.tw. 2592000 IN A 61.31.237.19
staff.aircamel.com.tw. 2592000 IN A 61.31.237.152
store.aircamel.com.tw. 2592000 IN A 61.31.237.1
tesr.aircamel.com.tw. 2592000 IN A 61.31.237.38
upload.aircamel.com.tw. 2592000 IN A 61.31.237.2
www.aircamel.com.tw. 2592000 IN A 61.31.237.1
aircamel.com.tw. 2592000 IN SOA ns.aircamel.com.tw. root.aircamel.com.tw. 2014010901 38400 10800 604800 38400
;; Query time: 198 msec
;; SERVER: 61.31.237.32#53(61.31.237.32)
;; WHEN: Fri Feb 6 22:30:04 2015
;; XFR size: 54 records (messages 1, bytes 2248)

Proof of vulnerability:

(Identical to the detailed description above: the same address, homepage screenshot and dig AXFR output.)

Remediation:

Restrict access: allow zone transfers (AXFR/IXFR) only to the zone's own secondary name servers, and refuse them from everyone else.
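What "restrict access" looks like in practice on the authoritative server, as an added example that is not part of the original report and not the vendor's configuration: a BIND 9 named.conf fragment showing the weak setting that produces the AXFR output above, beside a hardened replacement. The secondary's address, the primary's address, the key name ns-xfer-key and the secret are placeholders I chose, not values from the page.

```conf
// Added example, not from the report: BIND 9 named.conf fragment.
// Addresses use the RFC 5737 documentation ranges; the TSIG secret is a placeholder.

// --- Weak setting (what the dig output demonstrates): any client can pull the zone ---
// zone "aircamel.com.tw" {
//     type master;
//     file "aircamel.com.tw.zone";
//     allow-transfer { any; };   // omitting allow-transfer entirely has the same effect:
// };                            // BIND's historical default is also "any"

// --- Hardened: transfers only to the known secondary, and only when TSIG-signed ---
// Shared secret for ns2; generate it with: tsig-keygen ns-xfer-key
key "ns-xfer-key" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER_BASE64_SECRET==";   // placeholder, replace with tsig-keygen output
};

acl "secondaries" { 192.0.2.53; };          // placeholder: address of ns2

options {
    allow-transfer { none; };               // server-wide default: refuse AXFR/IXFR
};

zone "aircamel.com.tw" {
    type master;
    file "aircamel.com.tw.zone";
    // Require BOTH a matching source address AND a valid TSIG signature:
    // the inner negated list rejects any address not in "secondaries",
    // and what remains must still present the key.
    allow-transfer { !{ !secondaries; any; }; key ns-xfer-key; };
    also-notify { 192.0.2.53; };
};

// On the secondary (ns2), the matching side of the exchange (placeholder primary address):
// key "ns-xfer-key" { algorithm hmac-sha256; secret "PLACEHOLDER_BASE64_SECRET=="; };
// server 198.51.100.53 { keys { ns-xfer-key; }; };
// zone "aircamel.com.tw" {
//     type slave;
//     masters { 198.51.100.53 key ns-xfer-key; };
//     file "sec/aircamel.com.tw.zone";
// };
```

After reloading both servers (rndc reload), repeating the report's own check, dig @ns2.aircamel.com.tw. axfr aircamel.com.tw from a host that is not the listed secondary, should end in "Transfer failed." instead of the 54-record dump shown above; the secondary itself should still log a successful signed transfer. Run the same check against every listed NS (here both ns and ns2), because a single permissive server is enough to leak the whole zone. The TXT records in the dump also show the zone carries a wildcard A record and several DKIM public keys, so limiting transfers does not by itself shrink what individual lookups reveal; it only stops the bulk inventory.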

Copyright notice: when reposting, please credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed at: 2015-02-15 16:19

Vendor reply:

Thank you for the report

Latest status:

None yet