
Vulnerability Summary

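Bug ID: wooyun-2015-0123428

Title: Heartbleed on a 悦动圈 site

Vendor: 51yund.com

Author: 紫霞仙子

Submitted: 2015-06-29 14:18

Fixed: 2015-08-13 16:20

Published: 2015-08-13 16:20

Vulnerability type: Application misconfiguration

Severity: High

Self-assessed Rank: 18

Status: Confirmed by vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]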



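Vulnerability Details

Disclosure status:

2015-06-29: Details reported to the vendor; awaiting vendor handling
2015-06-29: Vendor confirmed; details disclosed to the vendor only
2015-07-09: Details disclosed to core white hats and experts in related fields
2015-07-19: Details disclosed to regular white hats
2015-07-29: Details disclosed to intern white hats
2015-08-13: Details disclosed to the public

Brief description: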

233

Detailed description:

sec.51yund.com

Proof of vulnerability:

Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 58
... received message: type = 22, ver = 0302, length = 6293
... received message: type = 22, ver = 0302, length = 525
... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:

。。。。。。。。。。

Fix:

~~

Copyright notice: when reposting, please credit the source 紫霞仙子@乌云 (WooYun)


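Vulnerability Response

Vendor response:

Severity: Low

Vulnerability Rank: 5

Confirmed: 2015-06-29 16:18

Vendor reply:

We have received the issue; thank you for the feedback.

Latest status:

None yet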