
Re: DNS Misconfiguration on- http://cyberia.net.sa/

From Ondřej Surý <ondrej@isc.org>
Newsgroups comp.protocols.dns.bind
Date Fri, 5 Jun 2020 11:53:20 +0200
Cc Ejaz Ahmed <mejaz@cyberia.net.sa>, "bind-users@lists.isc.org" <bind-users@lists.isc.org>
To Jukka Pakkanen <jukka.pakkanen@qnet.fi>


The localhost.<foo> is not a scam, but the "I found this on HackerOne and I now want money" is a scam.

Remove the localhost entry from the zone, but you should not pay money
for issues that can be produced by automated scanners.

HackerOne is doing everyone a disfavor by paying nonsensical amounts of
money[*] for small issues like this. They (and other wealthy companies)
should be paying money only for original security research and not this
nonsense.

* $100 is a helluva lot of money in some economies...

Ondrej
--
Ondřej Surý
ondrej@isc.org

> On 5 Jun 2020, at 11:24, Jukka Pakkanen <jukka.pakkanen@qnet.fi> wrote:
> 
> Complete scam, ignore.
> 
> Just check the “securityfocus” link, it’s fake too.
> 
> Jukka
> 
> From: bind-users <bind-users-bounces@lists.isc.org> On Behalf Of Ejaz Ahmed
> Sent: 5 June 2020 10:55
> To: bind-users@lists.isc.org
> Subject: Fwd: DNS Misconfiguration on- http://cyberia.net.sa/
> 
> 
> 
> 
> Someone is claiming that our name server 212.118.64.2 is vulnerable, with the information below. Is this true?
> 
> Any suggestions would be appreciated.
> 
> Thanks in advance
> 
> Ejaz
> 
> 
> 
> 
> Dear CYBERIA GROUP Security Team ,
> 
> I am Rahul, an Ethical Hacker and Security Researcher. I found a vulnerability on your website, that is, DNS Misconfiguration.
> 
> Your localhost.cyberia.net.sa has address 127.0.0.1 and this may lead to "Same-Site" Scripting. I can also ping the localhost network.
> 
> 
> Here is detailed description of this minor security issue : http://www.securityfocus.com/archive/1/486606/30/0/threaded
> 
> Find attached POC  Video.
> 
> Dear Team Waiting for your response and I want bounty(money) with an Appreciation letter for my work and effort which I have given for
> 
> 
> Thanks in advance
> Ejaz
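
A way to find the kind of record this thread is about before a scanner does, as an added example that is not part of the original messages: a Python scan of zone-file text for A/AAAA records that point at loopback addresses. The zone name, addresses and function names are constructed for illustration, and the parser assumes single-line records with numeric TTLs.

```python
import ipaddress

# Constructed sample zone; example.net and every address are placeholders.
SAMPLE_ZONE = """\
$ORIGIN example.net.
$TTL 3600
@          IN SOA ns1 hostmaster 2020060501 7200 3600 1209600 3600
ns1        IN A   192.0.2.53
localhost  IN A   127.0.0.1      ; the kind of entry the thread says to remove
www        300 IN A 192.0.2.80
lo6        AAAA   ::1
mail       IN A   127.0.0.53
"""

CLASSES = {"IN", "CH", "HS"}

def absolute(name, origin):
    """Expand a zone-file owner name to a fully qualified name."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin.lstrip(".")

def loopback_records(zone_text, origin="."):
    """Return (fqdn, type, address) for A/AAAA records in 127.0.0.0/8 or ::1."""
    findings, last_owner = [], origin
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if not fields:
            continue
        if fields[0].startswith("$"):
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1]
            continue
        # A line that starts with whitespace inherits the previous owner name.
        if not raw[0].isspace():
            last_owner = absolute(fields.pop(0), origin)
        # Skip the optional TTL and class, which may appear in either order.
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)
        if len(fields) < 2 or fields[0].upper() not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # malformed RDATA; leave that to named-checkzone
        if addr.is_loopback:
            findings.append((last_owner, fields[0].upper(), str(addr)))
    return findings
```

Calling `loopback_records(SAMPLE_ZONE)` returns the three loopback entries with their fully qualified owner names, which is the list to review and remove from the zone.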
