Hi, vulnerability summary : a design / process flaw Severity : Moderate / High In most automated control pannel software, for shared and custom web hosting and in ISP, anyone can register / signup any domain after you have a paid account for website hosting - and the dns record of the added domain gets synced indiscriminately in the local / ISP master DNS name server /resolver (for that webhosting and ISP locally) when any local website in such shared hosting or ISP request for dns resolving - for a website IP, or mx or subdomain record etc the local entry get priority over the global / root entry (like when you edit /etc/hosts or %windir%\system32\etc\drivers the local record gets priority over remote resolver in such situation, analogy ) - when a user of such ISP or a website in shared hosting try to locally request a third party website (say linkedin, twitter, facebook or any domain ) via website API, or email and when site accepts both https or..... http redirect requests, api logins are at risk - or a potential attacker can use such to disrupt the dns request on such shared hosting for a third party domain - or get / hijack all email sent for a third party domain, in such shared hosting via catchall@[domain_name] poisoning / deliberate entry possible affected software: - cpanel - many self customized / automatic dns registration / control panel / shared hosting software - direct admin / plesk and other popular... such control panel software ( please test and let us know ? ) Respectfully, -bipin
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment