
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0118978

Title: A 酷6网 (Ku6) server is vulnerable to Heartbleed

Vendor: 酷6网 (Ku6)

Author: 路人甲

Submitted: 2015-06-09 10:32

Fixed: 2015-07-24 14:38

Published: 2015-07-24 14:38

Type: disclosure of important sensitive information

Severity: high

Self-assessed Rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability details

Disclosure status:

2015-06-09: Details sent to the vendor; awaiting vendor handling
2015-06-09: Vendor has confirmed; details visible to the vendor only
2015-06-19: Details disclosed to core white hats and domain experts
2015-06-29: Details disclosed to regular white hats
2015-07-09: Details disclosed to intern white hats
2015-07-24: Details disclosed to the public

Brief description:

**

Details:

Address: 122.11.32.141
Host: track.ku6.com
This looks like a load balancer; it can be merged with the report I submitted earlier.

[*] 122.11.32.141:443 - Printable info leaked:

Proof of vulnerability:

RT (as titled)

Remediation:

**

Copyright notice: please credit the source when reposting: 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: low

Vulnerability Rank: 3

Confirmed: 2015-06-09 14:36

Vendor reply:

Thanks

Latest status:

None yet