On 05.06.20 11:54, Ejaz Ahmed wrote:
Some one is is claiming that our name server 212.118.64.2 is vulnerable with below information is this true
it's not the nameserver. It's the domain "cyberia.net.sa" that has "localhost" in it pointing go 127.0.0.1 This is useless. The localhost hostname should not exist in domains other than "localhost." that should be configured on recursive servers.
Any suggestions would be appreciated
simply remove the "localhost" record from cyberia.net.sa and possibly other domains.
Dear CYBERIA GROUP Security Team , I Rahul a Ethical Hacker and Security Researcher. I found a vulnerability on your website that is DNS Misconfiguration . Your *localhost.cyberia.net.sa <http://localhost.cyberia.net.sa> *has address 127.0.0.1 and this may lead to "Same- Site" Scripting. I can also ping the localhost network. Here is detailed description of this minor security issue :* http://www.securityfocus.com/archive/1/486606/30/0/threaded <https://hackerone.com/redirect?signature=f22656dd5afea782410979cdd3fbb951f819c82e&url=http%3A%2F%2Fwww.securityfocus.com%2Farchive%2F1%2F486606%2F30%2F0%2Fthreaded>* *Find attached POC Video. * *Dear Team Waiting for your response and I want bounty(money) with an Appreciation letter for my work and effort which I have given for * *Thanks in advance * *Ejaz *
-- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. REALITY.SYS corrupted. Press any key to reboot Universe. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users