漏洞概要 关注数(4) 关注此漏洞
缺陷编号: WooYun-2014-81993
漏洞标题: 中粮集团DNS域传送漏洞
相关厂商: 中粮集团有限公司
漏洞作者: c0nt
提交时间: 2014-11-04 17:17
公开时间: 2014-11-09 17:18
漏洞类型: 重要敏感信息泄露
危害等级: 中
自评Rank: 5
漏洞状态: 漏洞已经通知厂商但是厂商忽略漏洞
漏洞来源:www.wooyun.org ,如有疑问或需要帮助请联系
Tags标签: 无
漏洞详情
披露状态:
2014-11-04: 细节已通知厂商并且等待厂商处理中
2014-11-04: 厂商已查看当前漏洞内容,细节仅向厂商公开
2014-11-09: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
详细说明:
域传送一枚
Trying Zone Transfer for cofco.com on bj-ns-04.cofco.com ...
cofco.com 3600 IN SOA
cofco.com 3600 IN NS
cofco.com 3600 IN NS
cofco.com 3600 IN NS
cofco.com 3600 IN NS
cofco.com 3600 IN MX
360rating.cofco.com 3600 IN A 152.5.125.110
506bpm.cofco.com 3600 IN A 10.6.5.18
506crm.cofco.com 3600 IN A 152.5.88.107
506CSC.cofco.com 3600 IN A 219.146.64.6
506dms.cofco.com 3600 IN A 10.6.5.93
506IMS.cofco.com 3600 IN A 10.6.5.100
506mcm.cofco.com 3600 IN A 10.6.5.76
506pingjia.cofco.com 3600 IN A 10.6.5.23
506pts.cofco.com 3600 IN A 10.6.5.89
506srm.cofco.com 3600 IN A 10.6.5.87
506WGM.cofco.com 3600 IN A 10.6.5.112
506wos.cofco.com 3600 IN A 10.6.5.94
606app.cofco.com 3600 IN A 10.6.130.12
606app02.cofco.com 3600 IN A 10.6.10.111
606app03.cofco.com 3600 IN A 10.6.10.140
606apptest.cofco.com 3600 IN A 10.6.10.110
_autodiscover._tcp.cofco.com 3600 IN SRV
_sipfederationtls._tcp.cofco.com 3600 IN SRV
_sip._tls.cofco.com 3600 IN SRV
an.cofco.com 3600 IN A 10.6.28.16
arms.cofco.com 3600 IN A 106.37.237.214
audit.cofco.com 3600 IN A 10.6.57.91
bcbe.cofco.com 3600 IN A 152.5.90.205
bcbebi.cofco.com 3600 IN A 10.6.9.16
bcbefk.cofco.com 3600 IN A 10.6.9.4
bchome.cofco.com 3600 IN A 10.6.9.11
bcoa.cofco.com 3600 IN A 10.6.9.12
behome.cofco.com 3600 IN A 10.6.9.20
beoa.cofco.com 3600 IN A 10.6.9.21
BI.cofco.com 3600 IN A 10.6.128.51
bimob.cofco.com 3600 IN A 10.6.128.50
bj-ns-01.cofco.com 3600 IN A 10.6.128.116
bj-ns-02.cofco.com 3600 IN A 152.5.4.22
bj-ns-03.cofco.com 3600 IN A 10.6.128.116
bj-ns-04.cofco.com 3600 IN A 152.5.4.22
c3.cofco.com 3600 IN A 106.37.237.211
c606it01.cofco.com 3600 IN A 10.6.10.152
ca.cofco.com 3600 IN A 10.6.2.201
careers.cofco.com 3600 IN A 152.5.90.207
ccba.cofco.com 3600 IN A 10.6.2.210
chatpool.cofco.com 3600 IN A 10.6.128.23
chengxin.cofco.com 3600 IN A 152.5.90.207
cofcomag.cofco.com 3600 IN A 10.6.128.5
course.cofco.com 3600 IN A 152.5.90.62
crm.cofco.com 3600 IN A 152.5.125.23
dmbi.cofco.com 3600 IN A 10.6.130.202
dmcrm.cofco.com 3600 IN A 10.6.130.201
dmcrmtest.cofco.com 3600 IN A 10.6.130.203
dmgp.cofco.com 3600 IN A 10.6.10.138
dmll.cofco.com 3600 IN A 10.6.10.145
dmoa.cofco.com 3600 IN A 10.6.130.204
dmoatest.cofco.com 3600 IN A 10.6.130.205
dmoatest01.cofco.com 3600 IN A 10.6.130.206
dmoo.cofco.com 3600 IN A 10.6.10.144
dmpurchase.cofco.com 3600 IN A 10.6.10.169
e-learning.cofco.com 3600 IN A 152.5.90.63
edgepool.cofco.com 3600 IN A 10.6.128.23
ehr.cofco.com 3600 IN A 10.6.57.66
3g.ehr.cofco.com 3600 IN A 10.6.57.66
ehrtest.cofco.com 3600 IN A 152.5.125.110
elife.cofco.com 3600 IN A 10.6.128.50
EV.cofco.com 3600 IN A 10.6.59.95
expo2010.cofco.com 3600 IN A 152.5.125.41
ez6s.cofco.com 3600 IN A 152.5.125.50
finance.cofco.com 3600 IN A 10.8.29.5
fms.cofco.com 3600 IN A 152.5.90.205
fmsdata.cofco.com 3600 IN A 152.5.90.55
futures.cofco.com 3600 IN A 10.6.8.19
gate.cofco.com 3600 IN A 152.5.90.51
gate.cofco.com 3600 IN MX
gloria.cofco.com 3600 IN A 121.199.69.87
gwsales.cofco.com 3600 IN A 10.6.4.107
haoshiku.cofco.com 3600 IN CNAME
healthclub.cofco.com 3600 IN CNAME
healthclubapi.cofco.com 3600 IN A 10.6.0.50
home.cofco.com 3600 IN A 10.6.128.25
hotel.cofco.com 3600 IN A 10.6.12.22
hrtest.cofco.com 3600 IN A 124.117.242.177
huihuang60.cofco.com 3600 IN A 152.5.90.207
i-rice.cofco.com 3600 IN MX
mail.i-rice.cofco.com 3600 IN CNAME
idea.cofco.com 3600 IN A 106.37.237.213
ihome.cofco.com 3600 IN A 10.6.128.25
im.cofco.com 3600 IN A 111.207.82.72
imeeting.cofco.com 3600 IN A 10.6.128.53
info.cofco.com 3600 IN A 152.5.125.110
InfoCollect.cofco.com 3600 IN A 10.6.57.124
innofair.cofco.com 3600 IN A 106.37.237.213
ipms.cofco.com 3600 IN A 106.37.237.215
itunhe.cofco.com 3600 IN A 124.117.242.177
itunhemail.cofco.com 3600 IN A 124.117.242.177
itunheoa.cofco.com 3600 IN A 124.117.242.177
iufo.cofco.com 3600 IN A 10.6.2.102
jc.cofco.com 3600 IN A 10.6.128.50
joycitycrmws.cofco.com 3600 IN A 10.6.131.2
km.cofco.com 3600 IN A 10.6.4.100
kmtest.cofco.com 3600 IN A 10.6.4.103
lanxin.cofco.com 3600 IN A 10.6.128.60
leader.cofco.com 3600 IN A 10.6.2.199
live.cofco.com 3600 IN A 10.6.57.169
lync.cofco.com 3600 IN A 10.6.128.23
lync-owa01.cofco.com 3600 IN A 10.6.57.163
lyncdiscover.cofco.com 3600 IN A 10.6.57.160
m.cofco.com 3600 IN A 10.6.128.53
mail.cofco.com 3600 IN A 10.6.61.88
mail2.cofco.com 3600 IN A 152.5.90.205
mail2k7.cofco.com 3600 IN A 10.6.61.88
md.cofco.com 3600 IN A 10.6.128.140
mdm.cofco.com 3600 IN A 10.6.128.11
media.cofco.com 3600 IN A 152.5.90.207
media1.cofco.com 3600 IN A 152.5.90.207
mediationpool.cofco.com 3600 IN A 10.6.128.23
mx1.cofco.com 3600 IN A 152.5.4.5
nc.cofco.com 3600 IN A 10.6.2.107
newkm.cofco.com 3600 IN A 106.37.237.210
nhribpm.cofco.com 3600 IN A 106.37.237.216
nhrisocial.cofco.com 3600 IN A 10.6.4.105
nw.cofco.com 3600 IN A 207.46.128.18
oil.cofco.com 3600 IN A 10.6.5.23
outspam.cofco.com 3600 IN A 10.6.128.22
plm.cofco.com 3600 IN A 106.37.237.217
plmpre.cofco.com 3600 IN A 106.37.237.218
pool.cofco.com 3600 IN A 10.6.57.160
prms.cofco.com 3600 IN A 10.6.57.53
property.cofco.com 3600 IN A 113.105.85.6
propertyinfo.cofco.com 3600 IN A 113.105.85.6
propertymail.cofco.com 3600 IN A 113.105.85.6
propertyoa.cofco.com 3600 IN A 113.105.85.6
propertyoa-test.cofco.com 3600 IN A 113.105.85.6
propertyoa1.cofco.com 3600 IN A 113.105.85.6
propertysm.cofco.com 3600 IN A 113.105.85.6
pwd.cofco.com 3600 IN A 10.6.57.62
qhselearning.cofco.com 3600 IN A 10.6.128.58
qscd.cofco.com 3600 IN A 10.6.57.42
qywh.cofco.com 3600 IN A 10.6.0.55
rating.cofco.com 3600 IN A 152.5.125.23
recruit.cofco.com 3600 IN A 152.5.125.23
report.cofco.com 3600 IN A 152.5.125.3
RTX.cofco.com 3600 IN A 10.6.128.131
rtxmetting.cofco.com 3600 IN A 10.6.128.132
rtxmobile.cofco.com 3600 IN A 10.6.128.133
SCRM.cofco.com 3600 IN A 10.6.57.124
sdc.cofco.com 3600 IN A 10.6.0.47
sentry.cofco.com 3600 IN A 10.6.128.26
sip.cofco.com 3600 IN A 10.6.128.23
spam.cofco.com 3600 IN A 152.5.4.5
sslvpn.cofco.com 3600 IN A 10.6.128.6
survey.cofco.com 3600 IN A 10.6.57.97
svnnhri.cofco.com 3600 IN A 10.6.4.113
tg.cofco.com 3600 IN A 152.5.176.42
th_webapp1.cofco.com 3600 IN A 124.117.242.177
thrd.cofco.com 3600 IN A 124.117.242.183
tomato.cofco.com 3600 IN MX
tunhemoss.cofco.com 3600 IN A 124.117.242.177
tunheoa.cofco.com 3600 IN A 152.5.125.33
tunheoai.cofco.com 3600 IN A 124.117.242.177
tunhetask.cofco.com 3600 IN A 124.117.242.177
vhome.cofco.com 3600 IN A 152.5.4.11
vip.cofco.com 3600 IN A 42.120.40.73
voc.cofco.com 3600 IN A 106.37.237.212
wangpan.cofco.com 3600 IN A 10.6.58.110
wine.cofco.com 3600 IN MX
www.cofco.com 3600 IN A 10.6.128.2
www1.cofco.com 3600 IN A 10.6.0.46
ytsales.cofco.com 3600 IN A 152.5.90.131
zlh.cofco.com 3600 IN A 115.28.237.201
zlrs.cofco.com 3600 IN A 10.6.36.1
zlwd.cofco.com 3600 IN A 219.238.239.158
Unable to obtain Server Version for bj-ns-04.cofco.com : query timed out
Trying Zone Transfer for cofco.com on bj-ns-02.cofco.com ...
cofco.com 3600 IN SOA
cofco.com 3600 IN NS
cofco.com 3600 IN NS
cofco.com 3600 IN NS
cofco.com 3600 IN NS
cofco.com 3600 IN MX
360rating.cofco.com 3600 IN A 152.5.125.110
506bpm.cofco.com 3600 IN A 10.6.5.18
506crm.cofco.com 3600 IN A 152.5.88.107
506CSC.cofco.com 3600 IN A 219.146.64.6
506dms.cofco.com 3600 IN A 10.6.5.93
506IMS.cofco.com 3600 IN A 10.6.5.100
506mcm.cofco.com 3600 IN A 10.6.5.76
506pingjia.cofco.com 3600 IN A 10.6.5.23
506pts.cofco.com 3600 IN A 10.6.5.89
506srm.cofco.com 3600 IN A 10.6.5.87
506WGM.cofco.com 3600 IN A 10.6.5.112
506wos.cofco.com 3600 IN A 10.6.5.94
606app.cofco.com 3600 IN A 10.6.130.12
606app02.cofco.com 3600 IN A 10.6.10.111
606app03.cofco.com 3600 IN A 10.6.10.140
606apptest.cofco.com 3600 IN A 10.6.10.110
_autodiscover._tcp.cofco.com 3600 IN SRV
_sipfederationtls._tcp.cofco.com 3600 IN SRV
_sip._tls.cofco.com 3600 IN SRV
an.cofco.com 3600 IN A 10.6.28.16
arms.cofco.com 3600 IN A 106.37.237.214
audit.cofco.com 3600 IN A 10.6.57.91
bcbe.cofco.com 3600 IN A 152.5.90.205
bcbebi.cofco.com 3600 IN A 10.6.9.16
bcbefk.cofco.com 3600 IN A 10.6.9.4
bchome.cofco.com 3600 IN A 10.6.9.11
bcoa.cofco.com 3600 IN A 10.6.9.12
behome.cofco.com 3600 IN A 10.6.9.20
beoa.cofco.com 3600 IN A 10.6.9.21
BI.cofco.com 3600 IN A 10.6.128.51
bimob.cofco.com 3600 IN A 10.6.128.50
bj-ns-01.cofco.com 3600 IN A 10.6.128.116
bj-ns-02.cofco.com 3600 IN A 152.5.4.22
bj-ns-03.cofco.com 3600 IN A 10.6.128.116
bj-ns-04.cofco.com 3600 IN A 152.5.4.22
c3.cofco.com 3600 IN A 106.37.237.211
c606it01.cofco.com 3600 IN A 10.6.10.152
ca.cofco.com 3600 IN A 10.6.2.201
careers.cofco.com 3600 IN A 152.5.90.207
ccba.cofco.com 3600 IN A 10.6.2.210
chatpool.cofco.com 3600 IN A 10.6.128.23
chengxin.cofco.com 3600 IN A 152.5.90.207
cofcomag.cofco.com 3600 IN A 10.6.128.5
course.cofco.com 3600 IN A 152.5.90.62
crm.cofco.com 3600 IN A 152.5.125.23
dmbi.cofco.com 3600 IN A 10.6.130.202
dmcrm.cofco.com 3600 IN A 10.6.130.201
dmcrmtest.cofco.com 3600 IN A 10.6.130.203
dmgp.cofco.com 3600 IN A 10.6.10.138
dmll.cofco.com 3600 IN A 10.6.10.145
dmoa.cofco.com 3600 IN A 10.6.130.204
dmoatest.cofco.com 3600 IN A 10.6.130.205
dmoatest01.cofco.com 3600 IN A 10.6.130.206
dmoo.cofco.com 3600 IN A 10.6.10.144
dmpurchase.cofco.com 3600 IN A 10.6.10.169
e-learning.cofco.com 3600 IN A 152.5.90.63
edgepool.cofco.com 3600 IN A 10.6.128.23
ehr.cofco.com 3600 IN A 10.6.57.66
3g.ehr.cofco.com 3600 IN A 10.6.57.66
ehrtest.cofco.com 3600 IN A 152.5.125.110
elife.cofco.com 3600 IN A 10.6.128.50
EV.cofco.com 3600 IN A 10.6.59.95
expo2010.cofco.com 3600 IN A 152.5.125.41
ez6s.cofco.com 3600 IN A 152.5.125.50
finance.cofco.com 3600 IN A 10.8.29.5
fms.cofco.com 3600 IN A 152.5.90.205
fmsdata.cofco.com 3600 IN A 152.5.90.55
futures.cofco.com 3600 IN A 10.6.8.19
gate.cofco.com 3600 IN A 152.5.90.51
gate.cofco.com 3600 IN MX
gloria.cofco.com 3600 IN A 121.199.69.87
gwsales.cofco.com 3600 IN A 10.6.4.107
haoshiku.cofco.com 3600 IN CNAME
healthclub.cofco.com 3600 IN CNAME
healthclubapi.cofco.com 3600 IN A 10.6.0.50
home.cofco.com 3600 IN A 10.6.128.25
hotel.cofco.com 3600 IN A 10.6.12.22
hrtest.cofco.com 3600 IN A 124.117.242.177
huihuang60.cofco.com 3600 IN A 152.5.90.207
i-rice.cofco.com 3600 IN MX
mail.i-rice.cofco.com 3600 IN CNAME
idea.cofco.com 3600 IN A 106.37.237.213
ihome.cofco.com 3600 IN A 10.6.128.25
im.cofco.com 3600 IN A 111.207.82.72
imeeting.cofco.com 3600 IN A 10.6.128.53
info.cofco.com 3600 IN A 152.5.125.110
InfoCollect.cofco.com 3600 IN A 10.6.57.124
innofair.cofco.com 3600 IN A 106.37.237.213
ipms.cofco.com 3600 IN A 106.37.237.215
itunhe.cofco.com 3600 IN A 124.117.242.177
itunhemail.cofco.com 3600 IN A 124.117.242.177
itunheoa.cofco.com 3600 IN A 124.117.242.177
iufo.cofco.com 3600 IN A 10.6.2.102
jc.cofco.com 3600 IN A 10.6.128.50
joycitycrmws.cofco.com 3600 IN A 10.6.131.2
km.cofco.com 3600 IN A 10.6.4.100
kmtest.cofco.com 3600 IN A 10.6.4.103
lanxin.cofco.com 3600 IN A 10.6.128.60
leader.cofco.com 3600 IN A 10.6.2.199
live.cofco.com 3600 IN A 10.6.57.169
lync.cofco.com 3600 IN A 10.6.128.23
lync-owa01.cofco.com 3600 IN A 10.6.57.163
lyncdiscover.cofco.com 3600 IN A 10.6.57.160
m.cofco.com 3600 IN A 10.6.128.53
mail.cofco.com 3600 IN A 10.6.61.88
mail2.cofco.com 3600 IN A 152.5.90.205
mail2k7.cofco.com 3600 IN A 10.6.61.88
md.cofco.com 3600 IN A 10.6.128.140
mdm.cofco.com 3600 IN A 10.6.128.11
media.cofco.com 3600 IN A 152.5.90.207
media1.cofco.com 3600 IN A 152.5.90.207
mediationpool.cofco.com 3600 IN A 10.6.128.23
mx1.cofco.com 3600 IN A 152.5.4.5
nc.cofco.com 3600 IN A 10.6.2.107
newkm.cofco.com 3600 IN A 106.37.237.210
nhribpm.cofco.com 3600 IN A 106.37.237.216
nhrisocial.cofco.com 3600 IN A 10.6.4.105
nw.cofco.com 3600 IN A 207.46.128.18
oil.cofco.com 3600 IN A 10.6.5.23
outspam.cofco.com 3600 IN A 10.6.128.22
plm.cofco.com 3600 IN A 106.37.237.217
plmpre.cofco.com 3600 IN A 106.37.237.218
pool.cofco.com 3600 IN A 10.6.57.160
prms.cofco.com 3600 IN A 10.6.57.53
property.cofco.com 3600 IN A 113.105.85.6
propertyinfo.cofco.com 3600 IN A 113.105.85.6
propertymail.cofco.com 3600 IN A 113.105.85.6
propertyoa.cofco.com 3600 IN A 113.105.85.6
propertyoa-test.cofco.com 3600 IN A 113.105.85.6
propertyoa1.cofco.com 3600 IN A 113.105.85.6
propertysm.cofco.com 3600 IN A 113.105.85.6
pwd.cofco.com 3600 IN A 10.6.57.62
qhselearning.cofco.com 3600 IN A 10.6.128.58
qscd.cofco.com 3600 IN A 10.6.57.42
qywh.cofco.com 3600 IN A 10.6.0.55
rating.cofco.com 3600 IN A 152.5.125.23
recruit.cofco.com 3600 IN A 152.5.125.23
report.cofco.com 3600 IN A 152.5.125.3
RTX.cofco.com 3600 IN A 10.6.128.131
rtxmetting.cofco.com 3600 IN A 10.6.128.132
rtxmobile.cofco.com 3600 IN A 10.6.128.133
SCRM.cofco.com 3600 IN A 10.6.57.124
sdc.cofco.com 3600 IN A 10.6.0.47
sentry.cofco.com 3600 IN A 10.6.128.26
sip.cofco.com 3600 IN A 10.6.128.23
spam.cofco.com 3600 IN A 152.5.4.5
sslvpn.cofco.com 3600 IN A 10.6.128.6
survey.cofco.com 3600 IN A 10.6.57.97
svnnhri.cofco.com 3600 IN A 10.6.4.113
tg.cofco.com 3600 IN A 152.5.176.42
th_webapp1.cofco.com 3600 IN A 124.117.242.177
thrd.cofco.com 3600 IN A 124.117.242.183
tomato.cofco.com 3600 IN MX
tunhemoss.cofco.com 3600 IN A 124.117.242.177
tunheoa.cofco.com 3600 IN A 152.5.125.33
tunheoai.cofco.com 3600 IN A 124.117.242.177
tunhetask.cofco.com 3600 IN A 124.117.242.177
vhome.cofco.com 3600 IN A 152.5.4.11
vip.cofco.com 3600 IN A 42.120.40.73
voc.cofco.com 3600 IN A 106.37.237.212
wangpan.cofco.com 3600 IN A 10.6.58.110
wine.cofco.com 3600 IN MX
www.cofco.com 3600 IN A 10.6.128.2
www1.cofco.com 3600 IN A 10.6.0.46
ytsales.cofco.com 3600 IN A 152.5.90.131
zlh.cofco.com 3600 IN A 115.28.237.201
zlrs.cofco.com 3600 IN A 10.6.36.1
zlwd.cofco.com 3600 IN A 219.238.239.158
Unable to obtain Server Version for bj-ns-02.cofco.com : query timed out
Wildcards detected, all subdomains will point to the same IP address, bye.
:/pentest/enumeration/dns/dnsenum#
漏洞证明:
修复方案:
版权声明:转载请注明来源 c0nt@乌云
漏洞回应
厂商回应:
危害等级:无影响厂商忽略
忽略时间:2014-11-09 17:18
厂商回复:
最新状态:
暂无
漏洞评价:
对本漏洞信息进行评价,以更好的反馈信息的价值,包括信息客观性,内容是否完整以及是否具备学习价值
漏洞评价(共0人评价):
登陆后才能进行评分
评论