开源中国某分站两处节点存在SSL漏洞下载

来源:黑吧安全网 浏览:606次 时间:2014-06-12
做网站找雨过天晴工作室

有两个分节点可以轻易抓取到大量代码提交者的账号和密码, 可以获取私有Git项目代码。

#KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1

Accept: */*

Referer: http://git.oschina.net/teffy/wenjuan/commits/master

节点:117.135.138.169

节点:219.136.249.194





Accept-Encoding: gzip,deflate,sdch

Accept-Language: zh-CN,zh;q=0.8

Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3



??/<?;4~?#?<J?a??d?Ѻ?n??3f****Lǟ'O??A?5****mail=yaowenqiang111%40163.com&pwd=a30ab71d57e85978b05985abe8fe8e9a8bb53588&save_login=1UA?f??n?8???x?\ok%40126.com&pwd=e5bfb0480dcd9fbc0c9071e95730f77671a02e57&save_login=1.9?s****?$x?d

0O0w04HBwBZEzHYRwJY8RJIo0J%2Bu