Uber: Disclosure of IP addresses in local network of Uber

2016-03-28T19:32:54
ID H1:126569
Type hackerone
Reporter laps-forever
Modified 2016-06-13T22:22:56

Description

Hi, I have found several DNS records at Google DNS server 8.8.8.8 pointing to Uber local servers:

```
▶ nslookup logs.uber.com
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: logs.uber.com
Address: 10.6.0.1
```

```
▶ nslookup kerberos.uber.com
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: kerberos.uber.com
Address: 10.6.0.74
```

```
▶ nslookup ldap.uber.com
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: ldap.uber.com
Address: 10.30.14.3
```

This information could be used, if an attacker gets SSRF, XXE, LFI, etc., in order to address the local network of Uber.
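
An added example, not part of the original report: a defensive audit that parses resolver output like the transcripts above and flags names whose public answer falls in an internal range. The function names, the range list and the `dns.google` control record are assumptions made for this example.

```python
import ipaddress

# Ranges that should not appear in a public zone: RFC 1918, loopback, link-local, IPv6 ULA.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7")]

# The report's three answers, plus one constructed public record as a negative case.
SAMPLE = """\
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: logs.uber.com
Address: 10.6.0.1
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: kerberos.uber.com
Address: 10.6.0.74
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: ldap.uber.com
Address: 10.30.14.3
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: dns.google
Address: 8.8.8.8
"""

def parse_answers(text):
    """Yield (name, ip) from answer sections, skipping the resolver's own header."""
    in_answer, name = False, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "server":            # new transcript: resolver header follows
            in_answer, name = False, None
        elif key.endswith("answer"):   # "Non-authoritative answer:"
            in_answer = True
        elif in_answer and key == "name":
            name = value
        elif in_answer and key == "address" and name:
            yield name, ipaddress.ip_address(value)

def internal_records(text):
    return [(n, str(ip)) for n, ip in parse_answers(text)
            if any(ip in net for net in INTERNAL_NETS)]
```

Calling `internal_records(SAMPLE)` returns the three names from the report and omits the public control record; the same function can be run over resolver output collected for every name in a zone export.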