{"id":1435,"date":"2014-10-10T07:31:56","date_gmt":"2014-10-09T23:31:56","guid":{"rendered":"http:\/\/localhost\/portal\/2014\/10\/10\/hacker-shellshock-yahoo\/"},"modified":"2014-10-10T07:31:56","modified_gmt":"2014-10-09T23:31:56","slug":"hacker-shellshock-yahoo","status":"publish","type":"post","link":"https:\/\/www.cyberhunter.com.tw\/?p=1435","title":{"rendered":"\u7f85\u99ac\u5c3c\u4e9e\u99ed\u5ba2\u5229\u7528Shellshock\u6f0f\u6d1e\u5165\u4fb5\u96c5\u864e\uff0c\u4e0d\u5c0f\u5fc3\u6253\u4e2dWeb log \u6f0f\u6d1e"},"content":{"rendered":"
\u7f85\u99ac\u5c3c\u4e9e\u99ed\u5ba2\u8a66\u5716\u5229\u7528Shellshock\u6f0f\u6d1e\u5728Unix\u4e3b\u6a5f\u4e0a\u5efa\u7acb\u50f5\u5c4d\u7db2\u8def\uff0c\u4e26\u7528\u4ee5\u5165\u4fb5\u96c5\u864e\u4f3a\u670d\u5668\u3002\u539f\u5148\u96c5\u864e\u4ee5\u70ba\u662f\u4e3b\u6a5f\u6709Shellshock\u6f0f\u6d1e\u800c\u906d\u53d7\u653b\u64ca\uff0c\u96c5\u864e\u8cc7\u5b89\u8abf\u67e5\u4e4b\u5f8c\u767c\u73fe\uff0c\u5176\u5be6\u99ed\u5ba2\u6253\u4e2d\u7684\u662f\u8a72\u516c\u53f8Web log\u9664\u932f\u5de5\u5177\u4e00\u500b\u525b\u597d\u8207Bash Shell\u4e00\u6a23\u6709\u300c\u6307\u4ee4\u63d2\u5165\u300d\u7455\u75b5\u7684\u6f0f\u6d1e\u3002<\/div>\n
 <\/div>\n
iThome \u6587<\/a>\/\u6797\u598d\u6eb1 | 2014-10-07\u767c\u8868<\/div>\n

<\/p>\n

\u5b89\u5168\u7814\u7a76\u4eba\u54e1\uff0c\u540c\u6642\u4e5f\u662f\u5b89\u5168\u516c\u53f8Future South\u7e3d\u88c1Jonathan Hall\u767c\u73fe\uff0c\u5305\u542b\u96c5\u864e\u5728\u5167\u7684\u4f3a\u670d\u5668\u906d\u5230\u7f85\u99ac\u5c3c\u4e9e\u99ed\u5ba2\u5229\u7528Shellshock\u6f0f\u6d1e\u9032\u884c\u653b\u64ca\uff0c\u4e0d\u904e\u96c5\u864e\u65b9\u9762\u5247\u6307\u88ab\u5165\u4fb5\u7684\u4f3a\u670d\u5668\u4e26\u7121Shellshock\u6f0f\u6d1e\u3002<\/div>\n
 <\/div>\n
Hall\u76e3\u63a7\u5230\u4e00\u500b\u7f85\u99ac\u5c3c\u4e9e\u7d44\u7e54\u5229\u7528Shellshock\u53ca\u5176\u4ed6\u6f0f\u6d1e\u5728Unix\u4e3b\u6a5f\u4e0a\u5efa\u7acb\u50f5\u5c4d\u7db2\u8def\uff0c\u4e26\u5229\u7528IRC channel\u50b3\u9001\u6307\u4ee4\u7d66\u53d7\u5f71\u97ff\u7684\u4e3b\u6a5f\u3002\u53d7\u5f71\u97ff\u7684\u4e3b\u6a5f\u5305\u62ecYahoo! Network\u3001Lycos\u53caWinzip.com\u7b49\u3002<\/div>\n
 <\/div>\n
Hall\u8aaa\u660e\uff0c\u4ed6\u4e00\u958b\u59cb\u662f\u5728Google\u4e0a\u641c\u5c0b\u9084\u672a\u4fee\u88dcShellshock\u6f0f\u6d1e\u7684\u4e3b\u6a5f\uff0c\u767c\u73feWinZip.com\u88ab\u99ed\u5ba2\u7528\u65bc\u8ffd\u8e64\u5176\u4ed6\u672a\u4fee\u88dc\u7684\u4f3a\u670d\u5668\u3002\u4ed6\u5faa\u7dda\u767c\u73fe\uff0c\u7f85\u99ac\u5c3c\u4e9e\u99ed\u5ba2\u5df2\u5165\u4fb5\u96c5\u864e\u4f3a\u670d\u5668\uff0c\u4e26\u958b\u59cb\u6e96\u5099\u5165\u4fb5\u5ee3\u53d7\u6b61\u8fce\u7684Yahoo! Games\u4f3a\u670d\u5668\u3002<\/div>\n
 <\/div>\n
\u767c\u73fe\u554f\u984c\u5f8cHall\u9664\u4e86\u5411FBI\u901a\u5831\uff0c\u4e5f\u806f\u7d61\u96c5\u864e\u3001\u751a\u81f3\u4ee5\u96fb\u5b50\u90f5\u4ef6\u3001Twitter\u806f\u7e6b\u96c5\u864eCEO Marissa Mayer\u3002\u5728\u7d66\u96c5\u864e\u7684\u4fe1\u4ef6\u4e2d\uff0c\u4ed6\u660e\u767d\u6307\u51fa\u96c5\u864e\u5169\u500b\u53d7\u5f71\u97ff\u7684\u4e3b\u6a5f\u4f4d\u7f6e\u53ca\u4ed6\u8ffd\u8e64\u7684\u65b9\u6cd5\uff0c\u4f46\u96c5\u864e\u4e26\u6c92\u6709\u56de\u61c9\u3002<\/div>\n
 <\/div>\n
\u96c5\u864e\u767c\u8a00\u4eba\u9996\u5148\u5c0d\u5a92\u9ad4\u8868\u793a\uff0c\u8a72\u516c\u53f8\u7684\u78ba\u767c\u73fe3\u53f0\u4f3a\u670d\u5668\u906d\u99ed\u5ba2\u7d93\u7531Shellshock\u6f0f\u6d1e\u653b\u64ca\u5165\u4fb5\u3002\u4e0d\u904e\u5f8c\u4f86\u96c5\u864e\u8cc7\u5b89\u9577Alex Stamos\u96a8\u5f8c\u6f84\u6e05\uff0c\u99ed\u5ba2\u653b\u64ca\u7684\u4e26\u975eShellshock\u6f0f\u6d1e\u3002\u4ed6\u6307\u51fa\uff0cYahoo Sport API 3\u53f0\u4f3a\u670d\u5668\u5728\u5468\u672b\u906d\u5230\u8a66\u5716\u5c0b\u627eShellshock\u7684\u99ed\u5ba2\u653b\u64ca\uff0c\u99ed\u5ba2\u4fee\u6539\u4e86\u653b\u64ca\u624b\u6cd5\uff0c\u7e5e\u904eIDS\/IDP\u7cfb\u7d71\u6216\u7db2\u9801\u9632\u706b\u7246\uff0c\u4e14\u525b\u597d\u547d\u4e2dSports\u5718\u968a\u7528\u4f86\u5206\u6790Web log\u4e26\u9664\u932f\u7684\u63cf\u8ff0\u8a9e\u8a00\u4e2d\u7684\u4e00\u500b\u6307\u4ee4\u63d2\u5165\uff08command injection\uff09\u7455\u75b5\u3002Stamos\u8868\u793a\uff0c\u9019\u9805\u7455\u75b5\u53ea\u9650\u65bc\u5c11\u6578\u5e7e\u53f0\u6a5f\u5668\uff0c\u4e14\u5df2\u7d93\u4fee\u88dc\uff0c\u4e26\u5c07\u5176\u7279\u5fb5\u52a0\u5165\u8a72\u516c\u53f8\u7a0b\u5f0f\u78bc\u6383\u7784\u5de5\u5177\u4e2d\uff0c\u4ee5\u5f37\u5316\u672a\u4f86\u9632\u7bc4\u3002<\/div>\n
 <\/div>\n
Stamos\u8072\u7a31\uff0c\u65e9\u5728Shellshock\u7b49Bash\u5f31\u9ede\u516c\u4f48\u5f8c\uff0c\u96c5\u864e\u5373\u5df2\u7acb\u5373\u4e26\u6210\u529f\u4fee\u88dc\uff0c\u800c\u96c5\u864e\u5728\u767c\u73fe\u5165\u4fb5\u6642\u5c07\u53d7\u5f71\u97ff\u7684\u4e3b\u6a5f\u9694\u96e2\uff0c\u7d93\u7814\u7a76\u767c\u73fe\u4e26\u975e\u4e00\u958b\u59cb\u4ee5\u70ba\u7684Shellshock\u6f0f\u6d1e\u653b\u64ca\u3002\u5982\u540c\u7b2c\u4e00\u6b21\u96c5\u864e\u516c\u95dc\u7684\u8aaa\u8a5e\uff0c\u4ed6\u518d\u6b21\u5f37\u8abf\u6c92\u6709\u4f7f\u7528\u8005\u8cc7\u6599\u5728\u9019\u6b21\u5165\u4fb5\u4e2d\u906d\u5230\u7aca\u53d6\u3002<\/div>\n
 <\/div>\n
\u5c0d\u65bc\u7814\u7a76\u4eba\u54e1\u7684\u6307\u63a7\uff0cStamos\u8aaa\u660e\uff0c\u96c5\u864e\u76f8\u7576\u91cd\u8996\u5916\u90e8\u5b89\u5168\u901a\u5831\uff0c24×7\u76e3\u63a7Bug Bounty \uff08bugbounty.yahoo.com\uff09 \u53ca\u5b89\u5168\u670d\u52d9\u4fe1\u7bb1\uff08security@yahoo.com\uff09\uff0c\u4e26\u4e14\u5c0d\u53ef\u4fe1\u7684\u6d88\u606f\u7acb\u5373\u56de\u61c9\u3002\u800c\u4ed6\u5011\u5728CEO\u63a5\u7372\u4fe1\u4ef6\u5f8c\u4e00\u5c0f\u6642\u5167\u5373\u5df2\u9694\u96e2\u7cfb\u7d71\u53ca\u555f\u52d5\u8abf\u67e5\u3002<\/div>\n
 <\/div>\n
\u4e5d\u6708\u5e95\u63ed\u9732\u7684Shellshock\u6f0f\u6d1e\u5b58\u5728\u65bcUNIX\u5e73\u53f0\u88ab\u5ee3\u6cdb\u4f7f\u7528\u7684Bash Shell\uff0c\u8a72\u6f0f\u6d1e\u53ef\u80fd\u8b93\u99ed\u5ba2\u9060\u7aef\u57f7\u884c\u60e1\u610f\u7a0b\u5f0f\uff0c\u5f71\u97ffGNU\u3001Linux\u53caMac OS\u7b49\u57fa\u65bcUNIX\u7684\u5404\u7a2e\u4f5c\u696d\u7cfb\u7d71\u3002\u6709\u8cc7\u5b89\u696d\u8005\u8a8d\u70ba\uff0c\u6b64\u4e00\u88ab\u7a31\u70baShell Shock\u7684\u6f0f\u6d1e\u5f71\u97ff\u7a0b\u5ea6\u53ef\u80fd\u66f4\u751a\u65bcHeartbleed\u3002\uff08\u7de8\u8b6f\/\u6797\u598d\u6eb1\uff09<\/div>\n