漏洞平台

POC详情： 09196259622974002a51d09f17d63a6c569c0333

来源

https://github.com/titanous/heartbleeder

关联漏洞

标题： OpenSSL 缓冲区错误漏洞 (CVE-2014-0160)
描述：OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层（SSL v2/v3）和安全传输层（TLS v1）协议的通用加密库，它支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。 OpenSSL的TLS和DTLS实现过程中的d1_both.c和t1_lib.c文件中存在安全漏洞，该漏洞源于当处理Heartbeat Extension数据包时，缺少边界检查。远程攻击者可借助特制的数据包利用该漏洞读取服务器内存中的敏感信息(如用户名、密码、Cookie、私钥等)。以下版本的OpenSSL受到

描述

OpenSSL CVE-2014-0160 Heartbleed vulnerability test

介绍

# Heartbleeder

Tests your servers for OpenSSL
[CVE-2014-0160](https://www.openssl.org/news/secadv_20140407.txt) aka
[Heartbleed](http://heartbleed.com/).

**WARNING**: No guarantees are made about the accuracy of results, and you
should verify them independently by checking your OpenSSL build.

Pull requests welcome.

## Usage

```text
$ heartbleeder example.com
INSECURE - example.com:443 has the heartbeat extension enabled and is vulnerable
```

### Multiple hosts

Multiple hosts may be monitored by setting `-hostfile` flag to a file with
newline separated addresses. A web dashboard is available at
`http://localhost:5000` by default.

### Testing PostgreSQL

Postgres uses OpenSSL in a slightly different way. To test whether a Postgres
server is vulnerable, run the following (defaults to port 5432):

```text
$ heartbleeder -pg example.com
SECURE - example:5432 does not have the heartbeat extension enabled
```

### Installation

Binaries are available from
[gobuild.io](https://gobuild.io/download/github.com/titanous/heartbleeder).

Build from source by running `go get -u github.com/titanous/heartbleeder`, which
will put the code in `$GOPATH/src/github.com/titanous/heartbleeder` and a binary
at `$GOPATH/bin/heartbleeder`.

Requires Go version >= 1.2. On Ubuntu
[godeb](http://blog.labix.org/2013/06/15/in-flight-deb-packages-of-go) is an
easy way of getting the latest version of Go.

## Credits

The TLS implementation was borrowed from the Go standard library.

文件快照


 [4.0K]  /data/pocs/09196259622974002a51d09f17d63a6c569c0333
├── [3.9K]  heartbleeder.go
├── [1.6K]  LICENSE
├── [4.0K]  man
│   ├── [ 104]  heartbleeder.1.header
│   ├── [1.7K]  heartbleeder.txt
│   └── [ 142]  Makefile
├── [5.4K]  monitor.go
├── [1.4K]  README.md
└── [4.0K]  tls
    ├── [2.5K]  alert.go
    ├── [9.1K]  cipher_suites.go
    ├── [ 17K]  common.go
    ├── [ 29K]  conn.go
    ├── [5.3K]  conn_test.go
    ├── [2.2K]  example_test.go
    ├── [3.0K]  generate_cert.go
    ├── [ 16K]  handshake_client.go
    ├── [ 12K]  handshake_client_test.go
    ├── [ 28K]  handshake_messages.go
    ├── [6.1K]  handshake_messages_test.go
    ├── [ 18K]  handshake_server.go
    ├── [ 25K]  handshake_server_test.go
    ├── [4.2K]  handshake_test.go
    ├── [ 12K]  key_agreement.go
    ├── [8.2K]  prf.go
    ├── [4.9K]  prf_test.go
    ├── [4.0K]  testdata
    │   ├── [9.7K]  Client-TLSv10-ClientCert-ECDSA-ECDSA
    │   ├── [9.4K]  Client-TLSv10-ClientCert-ECDSA-RSA
    │   ├── [9.6K]  Client-TLSv10-ClientCert-RSA-ECDSA
    │   ├── [9.3K]  Client-TLSv10-ClientCert-RSA-RSA
    │   ├── [6.4K]  Client-TLSv10-ECDHE-ECDSA-AES
    │   ├── [7.2K]  Client-TLSv10-ECDHE-RSA-AES
    │   ├── [6.1K]  Client-TLSv10-RSA-RC4
    │   ├── [6.6K]  Client-TLSv11-ECDHE-ECDSA-AES
    │   ├── [7.4K]  Client-TLSv11-ECDHE-RSA-AES
    │   ├── [6.1K]  Client-TLSv11-RSA-RC4
    │   ├── [ 10K]  Client-TLSv12-ClientCert-ECDSA-ECDSA
    │   ├── [9.5K]  Client-TLSv12-ClientCert-ECDSA-RSA
    │   ├── [10.0K]  Client-TLSv12-ClientCert-RSA-ECDSA
    │   ├── [9.5K]  Client-TLSv12-ClientCert-RSA-RSA
    │   ├── [6.6K]  Client-TLSv12-ECDHE-ECDSA-AES
    │   ├── [6.2K]  Client-TLSv12-ECDHE-ECDSA-AES-GCM
    │   ├── [7.4K]  Client-TLSv12-ECDHE-RSA-AES
    │   ├── [6.1K]  Client-TLSv12-RSA-RC4
    │   ├── [6.2K]  Server-SSLv3-RSA-3DES
    │   ├── [6.2K]  Server-SSLv3-RSA-AES
    │   ├── [5.9K]  Server-SSLv3-RSA-RC4
    │   ├── [6.3K]  Server-TLSv10-ECDHE-ECDSA-AES
    │   ├── [5.9K]  Server-TLSv10-RSA-3DES
    │   ├── [6.1K]  Server-TLSv10-RSA-AES
    │   ├── [5.6K]  Server-TLSv10-RSA-RC4
    │   ├── [5.6K]  Server-TLSv11-RSA-RC4
    │   ├── [6.8K]  Server-TLSv12-CipherSuiteCertPreferenceECDSA
    │   ├── [7.6K]  Server-TLSv12-CipherSuiteCertPreferenceRSA
    │   ├── [9.2K]  Server-TLSv12-ClientAuthRequestedAndECDSAGiven
    │   ├── [9.1K]  Server-TLSv12-ClientAuthRequestedAndGiven
    │   ├── [6.0K]  Server-TLSv12-ClientAuthRequestedNotGiven
    │   ├── [6.6K]  Server-TLSv12-ECDHE-ECDSA-AES
    │   ├── [6.5K]  Server-TLSv12-IssueTicket
    │   ├── [2.6K]  Server-TLSv12-Resume
    │   ├── [6.2K]  Server-TLSv12-RSA-3DES
    │   ├── [6.5K]  Server-TLSv12-RSA-AES
    │   ├── [7.0K]  Server-TLSv12-RSA-AES-GCM
    │   ├── [5.9K]  Server-TLSv12-RSA-RC4
    │   └── [5.6K]  Server-TLSv12-SNI
    ├── [4.1K]  ticket.go
    ├── [7.5K]  tls.go
    └── [7.1K]  tls_test.go

3 directories, 66 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。