• Re: DNS Misconfiguration on- http://cyberia.net.sa/

    From Jukka Pakkanen@jukka.pakkanen@qnet.fi to Ondřej Surý on Fri Jun 5 10:10:38 2020
    From Newsgroup: comp.protocols.dns.bind

    Thx for the info, had missed this one and actually we have that minor misconfiguration too. Have had it since 1995 when we started our nameservers and never noticed...

    Jukka

    -----Original message-----
    From: Ondřej Surý <ondrej@isc.org>
    Sent: 5 June 2020 11:53
    To: Jukka Pakkanen <jukka.pakkanen@qnet.fi>
    Cc: Ejaz Ahmed <mejaz@cyberia.net.sa>; bind-users@lists.isc.org
    Subject: Re: DNS Misconfiguration on- http://cyberia.net.sa/

    The localhost.<foo> is not a scam, but the "I found this on HackerOne and I now want money" is a scam.

    Remove the localhost entry from the zone, but you should not pay money for issues that can be produced by automated scanners.

    HackerOne is doing everyone a disfavor by paying nonsensical amounts of money[*] for small issues like this. They (and other wealthy companies) should be paying money only for original security research and not this nonsense.

    * $100 is a helluva money in some economies...

    Ondrej
    --
    Ondřej Surý
    ondrej@isc.org

    On 5 Jun 2020, at 11:24, Jukka Pakkanen <jukka.pakkanen@qnet.fi> wrote:

    Complete scam, ignore.

    Just check the "securityfocus" link, it's fake too.

    Jukka

    From: bind-users <bind-users-bounces@lists.isc.org> on behalf of Ejaz Ahmed
    Sent: 5 June 2020 10:55
    To: bind-users@lists.isc.org
    Subject: Fwd: DNS Misconfiguration on- http://cyberia.net.sa/

    Someone is claiming that our name server 212.118.64.2 is
    vulnerable with the below information. Is this true?

    Any suggestions would be appreciated

    Thanks in advance

    Ejaz

    Dear CYBERIA GROUP Security Team,

    I am Rahul, an Ethical Hacker and Security Researcher. I found a vulnerability on your website that is DNS Misconfiguration.

    Your localhost.cyberia.net.sa has address 127.0.0.1 and this may lead to "Same-Site" Scripting. I can also ping the localhost network.

    Here is a detailed description of this minor security issue: http://www.securityfocus.com/archive/1/486606/30/0/threaded

    Find attached POC Video.

    Dear Team, waiting for your response, and I want a bounty (money) with an Appreciation letter for my work and effort which I have given for

    Thanks in advance
    Ejaz




    _______________________________________________
    Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

    ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


    bind-users mailing list
    bind-users@lists.isc.org
    https://lists.isc.org/mailman/listinfo/bind-users

    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Tony Finch@dot@dotat.at to Jukka Pakkanen on Fri Jun 5 15:08:52 2020
    From Newsgroup: comp.protocols.dns.bind

    Jukka Pakkanen <jukka.pakkanen@qnet.fi> wrote:

    Thx for the info, had missed this one and actually we have that minor misconfiguration too. Have had it since 1995 when we started our nameservers
    and never noticed...

    Yes, it used to be recommended -
    https://tools.ietf.org/html/rfc1537#section-10

    But not any more, because -
    https://seclists.org/bugtraq/2008/Jan/270

    I also only found out about this recently(ish) - https://www.dns.cam.ac.uk/news/2017-09-01-localhost.html

    Tony.
    --
    f.anthony.n.finch <dot@dotat.at> http://dotat.at/
    Tyne, Dogger: Northwest 5 or 6, backing southwest 6 to gale 8, then becoming cyclonic 5 to 7 later. Slight or moderate, becoming rough for a time. Rain or thundery showers. Good, occasionally poor.
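An added example, written for this thread by the editor and not code from ISC or from any of the posters, of the check the messages above imply: Ondrej's advice is to remove the localhost entry from the zone, and Tony's links show that the RFC 1537 section 10 recommendation has been withdrawn since the 2008 bugtraq post. The script scans a BIND-style zone file for A/AAAA records whose address is loopback (127.0.0.0/8 or ::1) and writes out the zone without them. It generalises the thread's case in one respect: it flags any owner name that resolves to loopback, not only the label `localhost`, because what makes the "Same-Site Scripting" issue Rahul cites work is that some name under your domain resolves to the client's own machine, whatever that name is. The zone text, the domain `example.test` and every address in it are constructed for the example.

```python
"""Find zone records that point a name under your domain at loopback.

Added example for this thread; it is not ISC code and not something any of
the posters wrote.  It implements the check behind "remove the localhost
entry from the zone": scan a BIND-style zone file for A/AAAA records whose
address is loopback and produce a copy of the zone without them.  Any owner
name is flagged, not just "localhost".  The zone below is constructed and
the domain example.test is hypothetical.
"""
import ipaddress
import re

# Constructed sample zone.  The "localhost" entry is the kind RFC 1537
# section 10 once recommended; "dev" shows the same problem under a
# different label.
SAMPLE_ZONE = """\
$ORIGIN example.test.
$TTL 3600
@           IN  SOA  ns1.example.test. hostmaster.example.test. (
                     2020060501 7200 3600 1209600 3600 )
@           IN  NS   ns1.example.test.
ns1         IN  A    192.0.2.53
www         IN  A    192.0.2.80
localhost   IN  A    127.0.0.1    ; the RFC 1537 style entry
localhost   IN  AAAA ::1
dev         IN  A    127.0.0.1    ; same problem, different label
mail   300  IN  A    192.0.2.25
"""

# One A/AAAA record: [owner] [ttl] [class] type rdata.  An empty owner
# (line starts with whitespace) means "same owner as the previous record".
_RR = re.compile(
    r"^(?P<owner>\S*)\s+"
    r"(?:(?P<ttl>\d+)\s+)?"
    r"(?:(?P<cls>IN|CH|HS)\s+)?"
    r"(?P<type>A|AAAA)\s+"
    r"(?P<rdata>\S+)\s*$",
    re.IGNORECASE,
)


def _fqdn(owner, origin, last_owner):
    """Expand a zone-file owner token to a fully qualified name."""
    if owner == "":
        return last_owner
    if owner == "@":
        return origin
    if owner.endswith("."):
        return owner
    return f"{owner}.{origin}"


def scan_zone(zone_text, origin="."):
    """Return (line_index, fqdn, rtype, address) for loopback A/AAAA records."""
    hits = []
    last_owner = origin
    depth = 0  # parenthesis depth, to skip multi-line RDATA such as SOA
    for idx, raw in enumerate(zone_text.splitlines()):
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        if depth > 0:
            depth += line.count("(") - line.count(")")
            continue
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            if not origin.endswith("."):
                origin += "."
            continue
        if line.startswith("$"):               # $TTL, $INCLUDE, ...: not records
            continue
        if not line[0].isspace():              # explicit owner starts the line
            last_owner = _fqdn(line.split()[0], origin, last_owner)
        depth += line.count("(") - line.count(")")
        m = _RR.match(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group("rdata"))
        except ValueError:
            continue                           # malformed rdata: not our concern
        if addr.is_loopback:
            hits.append((idx, last_owner, m.group("type").upper(), str(addr)))
    return hits


def find_loopback_records(zone_text, origin="."):
    """Return [(fqdn, rtype, address), ...] for the records that should go."""
    return [(name, rtype, addr) for _, name, rtype, addr in scan_zone(zone_text, origin)]


def strip_loopback_records(zone_text, origin="."):
    """Return the zone text with the loopback records removed, otherwise unchanged."""
    drop = {idx for idx, *_ in scan_zone(zone_text, origin)}
    kept = [l for i, l in enumerate(zone_text.splitlines()) if i not in drop]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for name, rtype, addr in find_loopback_records(SAMPLE_ZONE):
        print(f"remove: {name} {rtype} {addr}")
    print(strip_loopback_records(SAMPLE_ZONE))
```

Against a served zone rather than the file, the equivalent spot check is `dig +short localhost.example.test A` and the same query for AAAA; an empty answer (or NXDOMAIN) is the state you want. The script works on the master file so that it can also hand back the corrected file.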
  • From Ed Daniel@esdaniel@esdaniel.com to bind-users on Mon Jun 8 15:20:03 2020
    From Newsgroup: comp.protocols.dns.bind

    I'm not so sure; the written English is poor and can be misinterpreted.
    The sec focus link is crafted peculiarly, but it's not a hustle in and of itself; it's sharing the problem description after all.

    I think given the misconfiguration *has* gone unnoticed and potentially
    could be of trouble 'in the future' a thank you, acknowledgement and
    small compensation would actually be the decent thing to do.

    Just my 2c as an active participant in the security community.



    On 05/06/2020 10:24, Jukka Pakkanen wrote:
    Complete scam, ignore.

    Just check the "securityfocus" link, it's fake too.

    Jukka

    From: bind-users <bind-users-bounces@lists.isc.org> on behalf of Ejaz Ahmed
    Sent: 5 June 2020 10:55
    To: bind-users@lists.isc.org
    Subject: Fwd: DNS Misconfiguration on- http://cyberia.net.sa/

    Someone is claiming that our name server 212.118.64.2 is vulnerable
    with the below information. Is this true?

    Any suggestions would be appreciated

    Thanks in advance

    Ejaz

    Dear CYBERIA GROUP Security Team,

    I am Rahul, an Ethical Hacker and Security Researcher. I found a
    vulnerability on your website that is DNS Misconfiguration.

    Your localhost.cyberia.net.sa <http://localhost.cyberia.net.sa> has address 127.0.0.1 and this may lead to "Same-Site" Scripting. I can
    also ping the localhost network.

    Here is a detailed description of this minor security issue: http://www.securityfocus.com/archive/1/486606/30/0/threaded <https://hackerone.com/redirect?signature=f22656dd5afea782410979cdd3fbb951f819c82e&url=http%3A%2F%2Fwww.securityfocus.com%2Farchive%2F1%2F486606%2F30%2F0%2Fthreaded>

    Find attached POC Video.

    Dear Team, waiting for your response, and I want a bounty (money) with an Appreciation letter for my work and effort which I have given for

    Thanks in advance

    Ejaz



