From: Ondřej Surý
Newsgroups: comp.protocols.dns.bind
Subject: Re: DNS Misconfiguration on- http://cyberia.net.sa/
Date: Fri, 5 Jun 2020 11:53:20 +0200
To: Jukka Pakkanen
Cc: Ejaz Ahmed, "bind-users@lists.isc.org"

The localhost. is not a scam, but the „I found this on HackerOne and I now want money“ is a scam. Remove the localhost entry from the zone, but you should not pay money for issues that can be produced by automated scanners. HackerOne is doing everyone a disfavor by paying nonsensical amounts of money[*] for small issues like this. They (and other wealthy companies) should be paying money only for original security research and not this nonsense.

* $100 is a helluva money in some economies...

Ondrej
--
Ondřej Surý
ondrej@isc.org

> On 5 Jun 2020, at 11:24, Jukka Pakkanen wrote:
>
> Complete scam, ignore.
>
> Just check the “securityfocus” link, it’s fake too.
>
> Jukka
>
> From: bind-users On Behalf Of Ejaz Ahmed
> Sent: 5 June 2020 10:55
> To: bind-users@lists.isc.org
> Subject: Fwd: DNS Misconfiguration on- http://cyberia.net.sa/
>
> Someone is claiming that our name server 212.118.64.2 is vulnerable, with the information below. Is this true?
>
> Any suggestions would be appreciated.
>
> Thanks in advance
>
> Ejaz
>
> Dear CYBERIA GROUP Security Team,
>
> I am Rahul, an Ethical Hacker and Security Researcher. I found a vulnerability on your website that is DNS Misconfiguration.
>
> Your localhost.cyberia.net.sa has address 127.0.0.1 and this may lead to "Same-Site" Scripting. I can also ping the localhost network.
>
> Here is a detailed description of this minor security issue: http://www.securityfocus.com/archive/1/486606/30/0/threaded
>
> Find attached POC Video.
>
> Dear Team, waiting for your response and I want bounty (money) with an Appreciation letter for my work and effort which I have given for
>
> Thanks in advance
> Ejaz
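A check for the kind of entry discussed in this thread, as an added example that is not part of the original messages: it scans zone-file text for A/AAAA records that resolve to a loopback address, so the entry can be found and removed before a scanner reports it. The zone content, the `example.com.` origin and the function name are constructed for illustration, and the parser assumes one record per line with numeric TTLs.

```python
import ipaddress

# Constructed sample zone (example.com and 192.0.2.0/24 are documentation values).
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@          IN SOA ns1 hostmaster 2020060501 7200 3600 1209600 3600
           IN NS  ns1
ns1        IN A   192.0.2.53
www  300   IN A   192.0.2.80
localhost  IN A   127.0.0.1   ; the kind of entry the report flagged
           IN AAAA ::1
dev        IN A   127.0.0.2
"""

CLASSES = {"IN", "CH", "HS"}


def find_loopback_records(zone_text, origin="."):
    """Return (fqdn, rrtype, address) for A/AAAA records pointing at loopback."""
    findings, owner = [], origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0].startswith("$"):             # $TTL, $INCLUDE: not needed here
            continue
        if not line[0].isspace():                 # owner given; else inherit previous
            name = fields.pop(0)
            if name == "@":
                owner = origin
            elif name.endswith("."):
                owner = name
            else:
                owner = f"{name}.{origin.lstrip('.')}"
        # Skip the optional TTL and class that precede the record type.
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)
        if len(fields) >= 2 and fields[0].upper() in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(fields[1])
            except ValueError:
                continue
            if addr.is_loopback:                  # 127.0.0.0/8 or ::1
                findings.append((owner.lower(), fields[0].upper(), str(addr)))
    return findings
```
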