Bipin Gautam
May 21, 2016, 11:16:16 AM
to fulldisclosure, bug...@securityfocus.com, Nepali computer security and hacking community
Hi,
Vulnerability summary: a design / process flaw
Severity: Moderate / High
In most automated control panel software for shared and custom web
hosting and at ISPs, anyone can register / sign up any domain once they
have a paid account for website hosting
- and the DNS record of the added domain gets synced indiscriminately
into the local / ISP master DNS name server / resolver (for that
web hosting and ISP locally).
When any local website in such shared hosting or ISP requests DNS resolution
- for a website IP, or MX or subdomain record etc.
the local entry gets priority over the global / root entry (as when
you edit /etc/hosts or %windir%\system32\etc\drivers the local record
gets priority over the remote resolver in such a situation; analogy).
- When a user of such an ISP, or a website in shared hosting, tries to
locally request a third-party website (say LinkedIn, Twitter, Facebook
or any domain) via website API or email, and when the site accepts both
https or ... http redirect requests, API logins are at risk.
- Or a potential attacker can use this to disrupt DNS requests on
such shared hosting for a third-party domain.
- Or get / hijack all email sent to a third-party domain, in such
shared hosting, via catchall@[domain_name] poisoning / deliberate entry.
Possible affected software:
- cPanel
- many self-customized / automatic DNS registration / control panel /
shared hosting software
- DirectAdmin / Plesk and other popular... such control panel
software (please test and let us know?)
Respectfully,
-bipin
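A defender-side check for the two problems the post describes, written here as an added example (it is not code from the post or from any of the control panels it names). The first function gates a control-panel "add domain" request: the zone is only created on the provider's authoritative servers if the domain's public delegation already points at the provider's own nameservers, which a tenant cannot arrange for a domain they do not control. The second function compares records that a shared recursive resolver would answer from locally loaded zones against the public DNS answers, and flags every record whose local answer differs, covering both the A-record case (API logins steered to a tenant's host) and the MX case (mail for a third-party domain delivered locally). All domain names, nameserver names and IP addresses are constructed, and the two lookup tables stand in for live DNS queries so the script runs offline.

```python
"""Added example: gating tenant-added DNS zones on shared hosting and
spotting local answers that shadow the public DNS.  Not code from the
original post; every name, nameserver and address below is constructed."""

# Nameservers the hosting provider itself operates (assumed for the example).
PROVIDER_NS = {"ns1.hoster.example.", "ns2.hoster.example."}

# Constructed snapshot of public delegation data: the nameservers each
# domain's parent zone delegates it to.  In production this comes from a
# real NS query against the parent, not from a dictionary.
PUBLIC_DELEGATION = {
    "customer-shop.example.": {"ns1.hoster.example.", "ns2.hoster.example."},
    "thirdparty-social.example.": {"ns1.elsewhere.example."},
    "thirdparty-mail.example.": {"ns1.elsewhere.example."},
}

# Constructed snapshot of what a public resolver answers for records that
# other tenants on the box depend on (third-party API host, mail exchanger).
PUBLIC_ANSWERS = {
    ("api.thirdparty-social.example.", "A"): {"203.0.113.10"},
    ("thirdparty-mail.example.", "MX"): {"10 mx.thirdparty-mail.example."},
    ("customer-shop.example.", "A"): {"198.51.100.5"},
}


def normalize(name: str) -> str:
    """Lower-case and make absolute so case or a missing trailing dot cannot
    make two spellings of the same owner name compare unequal."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def zone_add_allowed(domain: str, delegation_lookup=PUBLIC_DELEGATION.get):
    """Decide whether an 'add domain' request may create a zone on the
    provider's authoritative servers.  Returns (allowed, reason)."""
    domain = normalize(domain)
    delegated_to = delegation_lookup(domain)
    if not delegated_to:
        return False, "no public delegation found; refuse to create zone"
    delegated_to = {normalize(ns) for ns in delegated_to}
    if not delegated_to & PROVIDER_NS:
        return False, "delegated to %s, not to this provider" % sorted(delegated_to)
    return True, "delegated to provider nameservers"


def shadowed_records(local_zones, public_lookup=PUBLIC_ANSWERS.get):
    """Compare locally loaded zone data with public DNS answers.  Each
    (name, type) whose local rdata differs is a record that every tenant
    using the shared resolver would be silently steered by."""
    findings = []
    for zone, records in local_zones.items():
        zone = normalize(zone)
        for (owner, rtype), rdata in records.items():
            owner = normalize(owner)
            local = {r.lower() for r in rdata}
            public = public_lookup((owner, rtype))
            if public is None:
                continue  # nothing public to compare against
            public = {r.lower() for r in public}
            if local != public:
                findings.append({"zone": zone, "name": owner, "type": rtype,
                                 "local": sorted(local), "public": sorted(public)})
    return findings


# Constructed zones as a tenant could submit them through a control panel:
# one legitimate domain and two third-party domains the tenant does not own.
TENANT_ZONES = {
    "customer-shop.example.": {
        ("customer-shop.example.", "A"): {"198.51.100.5"}},
    "thirdparty-social.example.": {
        ("api.thirdparty-social.example.", "A"): {"198.51.100.5"}},
    "thirdparty-mail.example.": {
        ("thirdparty-mail.example.", "MX"): {"10 mail.customer-shop.example."}},
}

if __name__ == "__main__":
    for zone in TENANT_ZONES:
        allowed, reason = zone_add_allowed(zone)
        print("%-30s %s (%s)" % (zone, "ALLOW" if allowed else "REFUSE", reason))
    for finding in shadowed_records(TENANT_ZONES):
        print("SHADOWED:", finding)
```

The delegation gate only protects the authoritative side; the underlying mitigation the post points at is to keep tenant zones on the authoritative servers and never load them into the recursive resolver that other tenants, the mail relay and the panel's own API clients use. The comparison function is the check to run against an existing installation to learn whether that separation has already been lost, and it generalizes to any record type the public lookup can answer.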