当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0124280

漏洞标题:酷我音乐主站Heartbleed可抓用户Cookie

相关厂商:酷我音乐

漏洞作者: 路人甲

提交时间:2015-07-04 22:49

修复时间:2015-08-20 09:52

公开时间:2015-08-20 09:52

漏洞类型:系统/服务补丁不及时

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-07-04: 细节已通知厂商并且等待厂商处理中
2015-07-06: 厂商已经确认,细节仅向厂商公开
2015-07-16: 细节向核心白帽子及相关领域专家公开
2015-07-26: 细节向普通白帽子公开
2015-08-05: 细节向实习白帽子公开
2015-08-20: 细节向公众公开

简要描述:

233

详细说明:

www.kuwo.cn
经查询得到CDN列表:
123.150.175.181,
123.150.175.180
第一次的时候跑出来了,但怎么都复现不了,才发现IP解析到第一个了。
直接第2个,bleeding....

漏洞证明:

抓了好几次,竟然还抓到内容人员的信息了。。
发一个:
seller_email=guanying.shi%40kuwo.cn&price=20.00&buyer_id=2088502684629091&notify_id=953d8aefeb63f357be37daaf74ee91df2i&use_coupon=N&sign_type=MD5&sign=5c078dd6e24624743175f6c8f6491ae9
下面试抓到用户的cookie
Received heartbeat response:
.@....SC[...r....+..H...9..w.3....f.....".!.9.8...5.....3.2.....E.D...../...A...I.....4.2...#.e..User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; {D9D54F49-E51C-445e-92F2-1EE3C2313240})..Host: pay.kuwo.cn..Connection: Keep-Alive..Cookie: JSESSIONID=CF093E5FCA16940D0151692F5C800383.jvm1; Hm_lvt_bb2c1b056f819f8efb6431bbc24de0da=1435546388; userid=179559246; username=mingm1122; uph=1777457708; paycenter2013=paycenter2013.....y~v.Vz...WJq...62BkA.....^&...';.!W.....2.|Iuk..=i..t...L..{^.F....y..%....,0kuwo.cn&gmt_close=2015-07-03+10%3A16%3A08&price=10.00&buyer_id=2088702791155254&notify_id=84990c63e541dfa3259cce7911fb8aa93e&use_coupon=N&sign_type=MD5&sign=b674cc939e2b55a825759964505cc73eB..-.7D.....J...0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)..Host: pay.kuwo.cn..Connection: Keep-Alive..Cookie: JSESSIONID=4EDB82AE4A24DA9EB3FE0B76C81D4BB0.jvm1; gadposition=kuwo_gamebox; gadtype=kuwo_gamebox; name3=; t3=; fuserid=183531720; fusername=fuygbiubnk; fuph=892709808; fgame=206; uph=892709808; userid=183531720; username=fuygbiubnk; pay_gbox=gbox_2.9.4.4_ug0; ad_dist=%25D6%25D8%25C7%25EC; mbox=MUSIC_8.0.1.0_PQ; mboxRun=kuwo; client=WEB; version=8.0.1.0_PQ; game_mbox_id=20518468; mboxsid=0; paycenter2013=paycenter2013; www_game_popup=show_www_game; Hm_lvt_bb2c1b056f819f8efb6431bbc24de0da=1434963195,1435201720,1435505523,1435639856.....g...3.,.@R.,:..wd=; b64Uph=; kuwo_live_notice=0%2C0; kuwo_live_coin=101; kuwo_live_fzh=0; kuwo_live_shell=0; loginlockstatus=0; dj_payinfo_id=2566336..0..q..h..XK..*....899696%7C151205869%7C105774994%7C172886873%7C107465106; GiftImg_version=201506261206; FamilyIcon_version=2015-0615-1419-033; SingerLevelImg_version=201506192300; RichLevelImg_version=201506192300; kuwo_live_sliver_flowercnt=10; kuwo_live_gold_flowercnt=1; kuwo_live_farm_suncnt=10; b64Username=; b64Pwd=; b64Uph=; kuwo_live_notice=0%2C0; kuwo_live_fzh=0; kuwo_live_shell=0; loginlockstatus=0; dj_payinfo_id=2566329; kuwo_live_coin=100002....S5...$..Y....u5.fn=31762; userid=113863371; username=%u83AB%u6653%u96EA520; uph=369583483....z..r.....6...tp...d....rw..l+R...../.j...n...o...e=1355027763393qq....DB.~Ihw;..ockstatus=0.7.4..a.w.O..s=0; kuwo_live_online_status=1; kuwo_live_notice=0%2C0; dj_payinfo_id=2564567; kuwo_live_coin=1032....<..r.Av..\...V.....?STdDZ2tpY0hKdlpIVmpkQzFwWkNJZ1BTQWlhM1YzYjE5dGRYTnBZMTkyYVhCZk1USWlPd29KSW1sMFpXMHRhV1FpSUQwZ0lqazRPVGN4TmpFeE15STdDZ2tpWW1sa0lpQTlJQ0pqYjIwdWEzVjNieTVMZFhkdlZHbHVaM1JwYm1jaU93b0pJbkIxY21Ob1lYTmxMV1JoZEdVdGJYTWlJRDBnSWpFME16VTRNemt4TmpNME16SWlPd29KSW5CMWNtTm9ZWE5sTFdSaGRHVWlJRDBnSWpJd01UVXRNRGN0TURJZ01USTZNVEk2TkRNZ1JYUmpMMGROVkNJN0Nna2ljSFZ5WTJoaGMyVXRaR0YwWlMxd2MzUWlJRDBnSWpJd01UVXRNRGN0TURJZ01EVTZNVEk2TkRNZ1FXMWxjbWxqWVM5TWIzTmZRVzVuWld4bGN5STdDZ2tpYjNKcFoybHVZV3d0Y0hWeVkyaGhjMlV0WkdGMFpTSWdQU0FpTWpBeE5TMHdOeTB3TWlBeE1qb3hNam8wTXlCRmRHTXZSMDFVSWpzS2ZRPT0iOwoJImVudmlyb25tZW50IiA9ICJTYW5kYm94IjsKCSJwb2QiID0gIjEwMCI7Cgkic2lnbmluZy1zdGF0dXMiID0gIjAiOwp9&kwb=7&service=newvip&userName=A585087&cash=12&transaction_id=1000000161826780&payType=112l.J...~b>E.p.i.... ..... ... r.l}..... ...0.}.C.C.nginx.}.
可以写个过滤,每几秒抓一次,估计可以抓到大量用户的cookie。
这个脚本网上太多,这里不贴出来。

修复方案:

还没打补丁。。。

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:5

确认时间:2015-07-06 09:50

厂商回复:

感谢对酷我的支持

最新状态:

暂无