Path: csiph.com!aioe.org!nntp.terraraq.uk!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail
From: Matus UHLAR - fantomas <uhlar@fantomas.sk>
Newsgroups: comp.protocols.dns.bind
Subject: Re: Fwd: DNS Misconfiguration on- http://cyberia.net.sa/
Date: Fri, 5 Jun 2020 11:23:05 +0200
Lines: 43
Approved: bind-users@lists.isc.org
Message-ID: <mailman.490.1591348972.942.bind-users@lists.isc.org>
References: <CALAvY8mCB8aC4fqH+x+8Y5C2mS2i5_OZxOROpgp1gQ9yTx3g-w@mail.gmail.com> <CAESnv-YsFi1cq6SFEgijq5=6TET20b6enWU9foa07AfBmVp3Fg@mail.gmail.com> <CAESnv-az+HJ6N5-GMuzd=NrTOvv_xyHWuq=yRp1cy25W+evmPQ@mail.gmail.com> <20200605092305.GA24805@fantomas.sk>
NNTP-Posting-Host: lists.isc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
X-Trace: usenet.stanford.edu 1591348996 2633 149.20.1.60 (5 Jun 2020 09:23:16 GMT)
X-Complaints-To: action@cs.stanford.edu
To: bind-users@lists.isc.org
Return-Path: <uhlar@fantomas.sk>
X-Original-To: bind-users@lists.isc.org
Delivered-To: bind-users@lists.isc.org
X-Authentication-Warning: fantomas.fantomas.sk: uhlar set sender to uhlar@fantomas.sk using -f
Mail-Followup-To: bind-users@lists.isc.org
Content-Disposition: inline
In-Reply-To: <CAESnv-az+HJ6N5-GMuzd=NrTOvv_xyHWuq=yRp1cy25W+evmPQ@mail.gmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Spam-Status: No, score=-0.0 required=5.0 tests=SPF_HELO_PASS,SPF_PASS autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mx.pao1.isc.org
X-BeenThere: bind-users@lists.isc.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BIND Users Mailing List <bind-users.lists.isc.org>
List-Unsubscribe: <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe>
List-Archive: <https://lists.isc.org/pipermail/bind-users/>
List-Post: <mailto:bind-users@lists.isc.org>
List-Help: <mailto:bind-users-request@lists.isc.org?subject=help>
List-Subscribe: <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe>
X-Mailman-Original-Message-ID: <20200605092305.GA24805@fantomas.sk>
X-Mailman-Original-References: <CALAvY8mCB8aC4fqH+x+8Y5C2mS2i5_OZxOROpgp1gQ9yTx3g-w@mail.gmail.com> <CAESnv-YsFi1cq6SFEgijq5=6TET20b6enWU9foa07AfBmVp3Fg@mail.gmail.com> <CAESnv-az+HJ6N5-GMuzd=NrTOvv_xyHWuq=yRp1cy25W+evmPQ@mail.gmail.com>
Xref: csiph.com comp.protocols.dns.bind:15815

On 05.06.20 11:54, Ejaz Ahmed wrote:
>Some one is is claiming that our name server 212.118.64.2 is vulnerable
>with below information is this true

it's not the nameserver. It's the domain "cyberia.net.sa" that has
"localhost" in it pointing go 127.0.0.1

This is useless. The localhost hostname should not exist in domains other
than "localhost." that should be configured on recursive servers.

>Any suggestions would be appreciated

simply remove the "localhost" record from cyberia.net.sa and possibly other
domains.

>Dear CYBERIA GROUP Security Team ,
>
>I Rahul a Ethical Hacker and Security Researcher. I found a vulnerability
>on your website that is DNS Misconfiguration .
>
>Your *localhost.cyberia.net.sa <http://localhost.cyberia.net.sa>   *has
>address 127.0.0.1 and this may lead to "Same- Site" Scripting. I can also
>ping the localhost network.
>
>
>Here is detailed description of this minor security issue :*
>http://www.securityfocus.com/archive/1/486606/30/0/threaded
><https://hackerone.com/redirect?signature=f22656dd5afea782410979cdd3fbb951f819c82e&url=http%3A%2F%2Fwww.securityfocus.com%2Farchive%2F1%2F486606%2F30%2F0%2Fthreaded>*
>
>*Find attached POC  Video. *
>
>*Dear Team Waiting for your response and I want bounty(money) with an
>Appreciation letter for my work and effort which I have given for *
>
>
>*Thanks in advance *
>*Ejaz *

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
REALITY.SYS corrupted. Press any key to reboot Universe.