Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.protocols.dns.bind > #15827

Re: VS: DNS Misconfiguration on- http://cyberia.net.sa/

From Ed Daniel <esdaniel@esdaniel.com>
Newsgroups comp.protocols.dns.bind
Subject Re: VS: DNS Misconfiguration on- http://cyberia.net.sa/
Date 2020-06-08 15:20 +0100
Organization esdaniel.com
Message-ID <mailman.504.1591625991.942.bind-users@lists.isc.org> (permalink)
References <CALAvY8mCB8aC4fqH+x+8Y5C2mS2i5_OZxOROpgp1gQ9yTx3g-w@mail.gmail.com> <CAESnv-YsFi1cq6SFEgijq5=6TET20b6enWU9foa07AfBmVp3Fg@mail.gmail.com> <CAESnv-az+HJ6N5-GMuzd=NrTOvv_xyHWuq=yRp1cy25W+evmPQ@mail.gmail.com> <ca6936357773475f8d6b8a3d160adebe@qnet.fi> <aceb258b-d906-93ce-81f2-a1cc16df728c@esdaniel.com>

Show all headers | View raw

I'm not so sure, the written English is poor and can be misinterpreted.
The sec focus link is crafted peculiarly but it's not a hustle in and of
itself, it's sharing the problem description after all.

I think given the misconfiguration *has* gone unnoticed and potentially
could be of trouble 'in the future' a thank you, acknowledgement and
small compensation would actually be the decent thing to do.

Just my 2c as an active participant in the security community.



On 05/06/2020 10:24, Jukka Pakkanen wrote:
> Complete scam, ignore.
> 
> Just check the “securityfocus” link, it’s fake too.
> 
> Jukka
> 
>  
> 
> *Lähettäjä:* bind-users <bind-users-bounces@lists.isc.org> *Puolesta
> *Ejaz Ahmed
> *Lähetetty:* 5. kesäkuuta 2020 10:55
> *Vastaanottaja:* bind-users@lists.isc.org
> *Aihe:* Fwd: DNS Misconfiguration on- http://cyberia.net.sa/
> 
>  
> 
>  
> 
>  
> 
> Some one is is claiming that our name server 212.118.64.2 is vulnerable
> with below information is this true
> 
>  
> 
> Any suggestions would be appreciated 
> 
>  
> 
> Thanks a n advance 
> 
>  
> 
> Ejaz 
> 
>  
> 
>  
> 
>  
> 
> Dear CYBERIA GROUP Security Team ,
> 
>  
> 
> I Rahul a Ethical Hacker and Security Researcher. I found a
> vulnerability on your website that is DNS Misconfiguration .
> 
>  
> 
> Your *localhost.cyberia.net.sa <http://localhost.cyberia.net.sa>   *has
> address 127.0.0.1 and this may lead to "Same- Site" Scripting. I can
> also ping the localhost network.
> 
>  
> 
>  
> 
> Here is detailed description of this minor security issue
> :*http://www.securityfocus.com/archive/1/486606/30/0/threaded
> <https://hackerone.com/redirect?signature=f22656dd5afea782410979cdd3fbb951f819c82e&url=http%3A%2F%2Fwww.securityfocus.com%2Farchive%2F1%2F486606%2F30%2F0%2Fthreaded>*
> 
>  
> 
> *Find attached POC  Video. *
> 
>  
> 
> *Dear Team Waiting for your response and **I want bounty(money) with an
> Appreciation letter for my work and effort which I have given for *
> 
>  
> 
>  
> 
> *Thanks in advance *
> 
> *Ejaz *
> 
>  
> 
>  
> 
>  
> 
>  
> 
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>

Back to comp.protocols.dns.bind | Previous | Next | Find similar

Thread

Re: VS: DNS Misconfiguration on- http://cyberia.net.sa/ Ed Daniel <esdaniel@esdaniel.com> - 2020-06-08 15:20 +0100

csiph-web