first commit
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Vulhub Docker Image CI / images-test (push) Has been cancelled
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Vulhub Docker Image CI / images-test (push) Has been cancelled
This commit is contained in:
30
openssl/CVE-2014-0160/README.zh-cn.md
Normal file
30
openssl/CVE-2014-0160/README.zh-cn.md
Normal file
@@ -0,0 +1,30 @@
|
||||
# OpenSSL 心脏出血内存泄露漏洞(CVE-2014-0160)
|
||||
|
||||
心脏出血是OpenSSL库中的一个内存漏洞,攻击者利用这个漏洞可以服务到目标进程内存信息,如其他人的Cookie等敏感信息。
|
||||
|
||||
参考链接:
|
||||
|
||||
- https://heartbleed.com/
|
||||
- https://filippo.io/Heartbleed
|
||||
|
||||
## 环境搭建
|
||||
|
||||
运行如下命令启动一个使用了OpenSSL 1.0.1c的Nginx服务器:
|
||||
|
||||
```
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
环境启动后,访问`https://your-ip:8443`即可查看到hello页面(需要忽略https错误)。
|
||||
|
||||
> 我们在运行这个环境的时候遇到过一个错误,部分AMD架构的CPU无法成功访问https页面,如果你也遇到过类似的问题,可以换Intel CPU试试。
|
||||
|
||||
## 漏洞复现
|
||||
|
||||
访问<https://filippo.io/Heartbleed>进行在线检测:
|
||||
|
||||
|
||||
|
||||
Python运行[ssltest.py](ssltest.py),拿到敏感数据(Cookie):
|
||||
|
||||
|
||||
Reference in New Issue
Block a user