CVE-2014-0160 PoC — OpenSSL 缓冲区错误漏洞

Source

https://github.com/mozilla-services/Heartbleed

Associated Vulnerability

Title:OpenSSL 缓冲区错误漏洞 (CVE-2014-0160)
Description:OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层（SSL v2/v3）和安全传输层（TLS v1）协议的通用加密库，它支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。 OpenSSL的TLS和DTLS实现过程中的d1_both.c和t1_lib.c文件中存在安全漏洞，该漏洞源于当处理Heartbeat Extension数据包时，缺少边界检查。远程攻击者可借助特制的数据包利用该漏洞读取服务器内存中的敏感信息(如用户名、密码、Cookie、私钥等)。以下版本的OpenSSL受到

Description

A checker (site and tool) for CVE-2014-0160

Readme

The Heartbleed test server. With caching by Mozilla.

Install the `SAMPLE.aws-config.json` as `~/.aws-config.json` or `/etc/aws-config.json` or in a path specified by the `GODYNAMO_CONF_FILE` env var.

```
Usage:
  HBserver --redir-host=<host> [--listen=<addr:port> --expiry=<duration>]
  HBserver -h | --help
  HBserver --version

Options:
  --redir-host HOST   Redirect requests to "/" to this host.
  --listen ADDR:PORT  Listen and serve requests to this address:port [default: :8082].
  --expiry DURATION   ENABLE CACHING. Expire records after this period.
                      Uses Go's parse syntax
                      e.g. 10m = 10 minutes, 600s = 600 seconds, 1d = 1 day, etc.
  -h --help           Show this screen.
  --version           Show version.
```

File Snapshot


 [4.0K]  /data/pocs/54b4efb94617569cf4a147d8c4b4e690065d5032
├── [6.3K]  bleed_serve_moz.go
├── [ 243]  build
├── [1.1K]  LICENSE
├── [4.0K]  metrics
│   └── [3.0K]  metrics.go
├── [ 768]  README.md
├── [ 145]  run
└── [ 484]  SAMPLE.aws-config.json

1 directory, 7 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!