VS: DNS Misconfiguration on- http://cyberia.net.sa/

Jukka Pakkanen jukka.pakkanen at qnet.fi
Fri Jun 5 10:10:38 UTC 2020


Thx for the info, had missed this one and actually we have that minor misconfiguration too. Have had since 1995 when started our nameservers and never noticed...

Jukka

-----Alkuperäinen viesti-----
Lähettäjä: Ondřej Surý <ondrej at isc.org> 
Lähetetty: 5. kesäkuuta 2020 11:53
Vastaanottaja: Jukka Pakkanen <jukka.pakkanen at qnet.fi>
Kopio: Ejaz Ahmed <mejaz at cyberia.net.sa>; bind-users at lists.isc.org
Aihe: Re: DNS Misconfiguration on- http://cyberia.net.sa/

The localhost.<foo> is not scam, but the

„I found this on HackerOne and I now want money“ is scam.

Remove the localhost entry from the zone, but you should not pay money for issues that can be produced by automated scanners.

HackerOne is doing everyone disfavor by paying nonsensical amounts of money[*] for small issues like this. They (and other wealthy companies) should be paying money only for original security research and not this nonsense.

* $100 is a helluva money in some economies...

Ondrej
--
Ondřej Surý
ondrej at isc.org

> On 5 Jun 2020, at 11:24, Jukka Pakkanen <jukka.pakkanen at qnet.fi> wrote:
> 
> Complete scam, ignore.
> 
> Just check the “securityfocus” link, it’s fake too.
> 
> Jukka
> 
> Lähettäjä: bind-users <bind-users-bounces at lists.isc.org> Puolesta Ejaz 
> Ahmed
> Lähetetty: 5. kesäkuuta 2020 10:55
> Vastaanottaja: bind-users at lists.isc.org
> Aihe: Fwd: DNS Misconfiguration on- http://cyberia.net.sa/
> 
> 
> 
> 
> Some one is is claiming that our name server 212.118.64.2 is 
> vulnerable with below information is this true
> 
> Any suggestions would be appreciated
> 
> Thanks a n advance
> 
> Ejaz
> 
> 
> 
> 
> Dear CYBERIA GROUP Security Team ,
> 
> I Rahul a Ethical Hacker and Security Researcher. I found a vulnerability on your website that is DNS Misconfiguration .
> 
> Your localhost.cyberia.net.sa   has address 127.0.0.1 and this may lead to "Same- Site" Scripting. I can also ping the localhost network.
> 
> 
> Here is detailed description of this minor security issue : 
> http://www.securityfocus.com/archive/1/486606/30/0/threaded
> 
> Find attached POC  Video.
> 
> Dear Team Waiting for your response and I want bounty(money) with an 
> Appreciation letter for my work and effort which I have given for
> 
> 
> Thanks in advance
> Ejaz
> 
> 
> 
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
> unsubscribe from this list
> 
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users



More information about the bind-users mailing list