Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #15815
| Path | csiph.com!aioe.org!nntp.terraraq.uk!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Matus UHLAR - fantomas <uhlar@fantomas.sk> |
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: Fwd: DNS Misconfiguration on- http://cyberia.net.sa/ |
| Date | Fri, 5 Jun 2020 11:23:05 +0200 |
| Lines | 43 |
| Approved | bind-users@lists.isc.org |
| Message-ID | <mailman.490.1591348972.942.bind-users@lists.isc.org> (permalink) |
| References | <CALAvY8mCB8aC4fqH+x+8Y5C2mS2i5_OZxOROpgp1gQ9yTx3g-w@mail.gmail.com> <CAESnv-YsFi1cq6SFEgijq5=6TET20b6enWU9foa07AfBmVp3Fg@mail.gmail.com> <CAESnv-az+HJ6N5-GMuzd=NrTOvv_xyHWuq=yRp1cy25W+evmPQ@mail.gmail.com> <20200605092305.GA24805@fantomas.sk> |
| NNTP-Posting-Host | lists.isc.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=us-ascii; format=flowed |
| X-Trace | usenet.stanford.edu 1591348996 2633 149.20.1.60 (5 Jun 2020 09:23:16 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| To | bind-users@lists.isc.org |
| Return-Path | <uhlar@fantomas.sk> |
| X-Original-To | bind-users@lists.isc.org |
| Delivered-To | bind-users@lists.isc.org |
| X-Authentication-Warning | fantomas.fantomas.sk: uhlar set sender to uhlar@fantomas.sk using -f |
| Mail-Followup-To | bind-users@lists.isc.org |
| Content-Disposition | inline |
| In-Reply-To | <CAESnv-az+HJ6N5-GMuzd=NrTOvv_xyHWuq=yRp1cy25W+evmPQ@mail.gmail.com> |
| User-Agent | Mutt/1.10.1 (2018-07-13) |
| X-Spam-Status | No, score=-0.0 required=5.0 tests=SPF_HELO_PASS,SPF_PASS autolearn=disabled version=3.4.2 |
| X-Spam-Checker-Version | SpamAssassin 3.4.2 (2018-09-13) on mx.pao1.isc.org |
| X-BeenThere | bind-users@lists.isc.org |
| X-Mailman-Version | 2.1.29 |
| Precedence | list |
| List-Id | BIND Users Mailing List <bind-users.lists.isc.org> |
| List-Unsubscribe | <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe> |
| List-Archive | <https://lists.isc.org/pipermail/bind-users/> |
| List-Post | <mailto:bind-users@lists.isc.org> |
| List-Help | <mailto:bind-users-request@lists.isc.org?subject=help> |
| List-Subscribe | <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe> |
| X-Mailman-Original-Message-ID | <20200605092305.GA24805@fantomas.sk> |
| X-Mailman-Original-References | <CALAvY8mCB8aC4fqH+x+8Y5C2mS2i5_OZxOROpgp1gQ9yTx3g-w@mail.gmail.com> <CAESnv-YsFi1cq6SFEgijq5=6TET20b6enWU9foa07AfBmVp3Fg@mail.gmail.com> <CAESnv-az+HJ6N5-GMuzd=NrTOvv_xyHWuq=yRp1cy25W+evmPQ@mail.gmail.com> |
| Xref | csiph.com comp.protocols.dns.bind:15815 |
Show key headers only | View raw
On 05.06.20 11:54, Ejaz Ahmed wrote: >Some one is is claiming that our name server 212.118.64.2 is vulnerable >with below information is this true it's not the nameserver. It's the domain "cyberia.net.sa" that has "localhost" in it pointing go 127.0.0.1 This is useless. The localhost hostname should not exist in domains other than "localhost." that should be configured on recursive servers. >Any suggestions would be appreciated simply remove the "localhost" record from cyberia.net.sa and possibly other domains. >Dear CYBERIA GROUP Security Team , > >I Rahul a Ethical Hacker and Security Researcher. I found a vulnerability >on your website that is DNS Misconfiguration . > >Your *localhost.cyberia.net.sa <http://localhost.cyberia.net.sa> *has >address 127.0.0.1 and this may lead to "Same- Site" Scripting. I can also >ping the localhost network. > > >Here is detailed description of this minor security issue :* >http://www.securityfocus.com/archive/1/486606/30/0/threaded ><https://hackerone.com/redirect?signature=f22656dd5afea782410979cdd3fbb951f819c82e&url=http%3A%2F%2Fwww.securityfocus.com%2Farchive%2F1%2F486606%2F30%2F0%2Fthreaded>* > >*Find attached POC Video. * > >*Dear Team Waiting for your response and I want bounty(money) with an >Appreciation letter for my work and effort which I have given for * > > >*Thanks in advance * >*Ejaz * -- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. REALITY.SYS corrupted. Press any key to reboot Universe.
Back to comp.protocols.dns.bind | Previous | Next | Find similar
Re: Fwd: DNS Misconfiguration on- http://cyberia.net.sa/ Matus UHLAR - fantomas <uhlar@fantomas.sk> - 2020-06-05 11:23 +0200
csiph-web