WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
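2015-03-03: Details reported to the vendor; awaiting vendor handling
2015-03-04: Vendor confirmed; details disclosed only to the vendor
2015-03-14: Details disclosed to core white hats and experts in related fields
2015-03-24: Details disclosed to regular white hats
2015-04-03: Details disclosed to intern white hats
2015-04-17: Details disclosed to the public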
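Received an email phishing for Apple ID passwords; the URL in it impersonating apple.com is bc.ifeng.com
I received an email phishing for Apple ID passwords. It contains two hyperlinks, "View Location" and "Lock Device", both pointing to:
http://bc.ifeng.com/c?db=ifeng&bid=16277,15962,3436&cid=2501,59,1&sid=33869&advid=349&camid=3546&show=ignore&url=http://jjhlhlhlkjh.4324554.bjyqttc.com
Visiting that URL with curl -L -v shows that ifeng.com, without any interaction, returns a 302 response redirecting to the URL specified in the query string.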
$ curl -L -v 'http://bc.ifeng.com/c?db=ifeng&bid=16277,15962,3436&cid=2501,59,1&sid=33869&advid=349&camid=3546&show=ignore&url=http://jjhlhlhlkjh.4324554.bjyqttc.com'
* Hostname was NOT found in DNS cache
* Trying 223.203.209.172...
* Connected to bc.ifeng.com (223.203.209.172) port 80 (#0)
> GET /c?db=ifeng&bid=16277,15962,3436&cid=2501,59,1&sid=33869&advid=349&camid=3546&show=ignore&url=http://jjhlhlhlkjh.4324554.bjyqttc.com HTTP/1.1
> User-Agent: curl/7.37.1
> Host: bc.ifeng.com
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Mon, 02 Mar 2015 02:46:23 GMT
* Server Apache is not blacklisted
< Server: Apache
< P3P: CP="OTI PSA OUR"
< Set-Cookie: ALLYESID4=EE128B79CD88D545 ; expires=Wednesday, 02-Nov-2099 00:00:00 GMT ; path=/ ; domain=.allyes.com
< Set-Cookie: ALLYESSESSION1=394f55f9cd88d; path=/; domain=.allyes.com
< Location: /c?db=ifeng&bid=16277,15962,3436&cid=2501,59,1&sid=33869&advid=349&camid=3546&show=ignore&url=http://jjhlhlhlkjh.4324554.bjyqttc.com&`
< Content-Length: 0
< Connection: close
< Content-Type: text/plain
<
* Closing connection 0
* Issue another request to this URL: 'http://bc.ifeng.com/c?db=ifeng&bid=16277,15962,3436&cid=2501,59,1&sid=33869&advid=349&camid=3546&show=ignore&url=http://jjhlhlhlkjh.4324554.bjyqttc.com&`'
* Hostname was found in DNS cache
* Trying 223.203.209.172...
* Connected to bc.ifeng.com (223.203.209.172) port 80 (#1)
> GET /c?db=ifeng&bid=16277,15962,3436&cid=2501,59,1&sid=33869&advid=349&camid=3546&show=ignore&url=http://jjhlhlhlkjh.4324554.bjyqttc.com&` HTTP/1.1
> User-Agent: curl/7.37.1
> Host: bc.ifeng.com
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Mon, 02 Mar 2015 02:46:23 GMT
* Server Apache is not blacklisted
< Server: Apache
< Set-Cookie: ALLYESID4=09B7047ED0B94594 ; expires=Wednesday, 02-Nov-2099 00:00:00 GMT ; path=/ ; domain=.ifeng.com
< Location: http://jjhlhlhlkjh.4324554.bjyqttc.com
< Cache-Control: no-cache,must-revalidate
< P3P: CP="OTI PSA OUR"
< Pragma: no-cache
< Expires: -1
< Content-Length: 0
< Connection: close
< Content-Type: text/plain
<
* Closing connection 1
* Issue another request to this URL: 'http://jjhlhlhlkjh.4324554.bjyqttc.com'
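
The 302 above copies the `url` query parameter into `Location` unchecked. The following is an added example, not code from the report or from ifeng.com, of a server-side check that would refuse that target. The function names, the allowlist and the fallback URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts the click endpoint may redirect to (subdomains included).
ALLOWED_HOSTS = {"ifeng.com"}
# Assumption: where to send the user when the target is refused.
FALLBACK = "http://www.ifeng.com/"
# The link from the phishing email quoted in the report.
REPORTED_URL = ("http://bc.ifeng.com/c?db=ifeng&bid=16277,15962,3436&cid=2501,59,1"
                "&sid=33869&advid=349&camid=3546&show=ignore"
                "&url=http://jjhlhlhlkjh.4324554.bjyqttc.com")

def is_allowed_target(target, allowed=ALLOWED_HOSTS):
    """True only for an absolute http(s) URL whose host is allowlisted."""
    # Browsers read backslashes as slashes and drop control characters,
    # so a value containing them can parse differently here than there.
    if target != target.strip() or any(c in target for c in "\\\r\n\t"):
        return False
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").lower().rstrip(".")
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    # Rejects scheme-relative (//host), javascript:, data: and similar.
    if parts.scheme not in ("http", "https") or not host:
        return False
    # Rejects http://ifeng.com@other.example/ style userinfo tricks.
    if parts.username is not None or parts.password is not None:
        return False
    # Exact host or a true subdomain; "ifeng.com.other.example" fails.
    return any(host == h or host.endswith("." + h) for h in allowed)

def redirect_location(request_url, fallback=FALLBACK):
    """Value the endpoint should place in the Location header."""
    targets = parse_qs(urlsplit(request_url).query).get("url", [])
    # A repeated url= parameter is ambiguous, so treat it as invalid.
    if len(targets) == 1 and is_allowed_target(targets[0]):
        return targets[0]
    return fallback

if __name__ == "__main__":
    print(redirect_location(REPORTED_URL))
```

An ad click tracker that must reach third-party advertiser sites would fill the allowlist from the landing hosts registered for each campaign rather than from its own domain.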
Severity: Low
Vulnerability Rank: 2
Confirmation time: 2015-03-04 13:35
Thank you very much, we are handling it.
None yet