Fwd: DNS Misconfiguration on- http://cyberia.net.sa/
Matus UHLAR - fantomas
uhlar at fantomas.sk
Fri Jun 5 09:23:05 UTC 2020
On 05.06.20 11:54, Ejaz Ahmed wrote:
>Some one is is claiming that our name server 212.118.64.2 is vulnerable
>with below information is this true
it's not the nameserver. It's the domain "cyberia.net.sa" that has
"localhost" in it pointing go 127.0.0.1
This is useless. The localhost hostname should not exist in domains other
than "localhost." that should be configured on recursive servers.
>Any suggestions would be appreciated
simply remove the "localhost" record from cyberia.net.sa and possibly other
domains.
>Dear CYBERIA GROUP Security Team ,
>
>I Rahul a Ethical Hacker and Security Researcher. I found a vulnerability
>on your website that is DNS Misconfiguration .
>
>Your *localhost.cyberia.net.sa <http://localhost.cyberia.net.sa> *has
>address 127.0.0.1 and this may lead to "Same- Site" Scripting. I can also
>ping the localhost network.
>
>
>Here is detailed description of this minor security issue :*
>http://www.securityfocus.com/archive/1/486606/30/0/threaded
><https://hackerone.com/redirect?signature=f22656dd5afea782410979cdd3fbb951f819c82e&url=http%3A%2F%2Fwww.securityfocus.com%2Farchive%2F1%2F486606%2F30%2F0%2Fthreaded>*
>
>*Find attached POC Video. *
>
>*Dear Team Waiting for your response and I want bounty(money) with an
>Appreciation letter for my work and effort which I have given for *
>
>
>*Thanks in advance *
>*Ejaz *
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
REALITY.SYS corrupted. Press any key to reboot Universe.
More information about the bind-users
mailing list