XSS dos attack server limit DOS

Mexican classmate weekend very depressed in the hotel Internet, found that YouTube was ban, so wrote a tool to solve the problem. Incidentally, a loophole that uses Google's statistics is written here.

Http://sirdarckcat.blogspot.com/2009/04/how-to-use-google-analytics-to-dos.html

This problem is actually caused by the request field limit of webserver.

Webserver generates a 400 or 4xx error when the HTTP request header is too long

Your Browser sent a request that this server could not understand.
Size of a Request header field exceeds server limit.

If these extra-long data is kept in a cookie, or if the HTTP header is long enough for the user to access each time, it will cause the user to have no access to the domain name, which is DOS.

Sirdarckcat found that there is a set-cookie in Google's statistics page, there is no control, similar to the search engine parameters will cause referer too long

Where these users can control will cause the HTTP request field to be very long, causing the server to return a server limit error.

Each webserver is a bit different, Apache may be 8192 bytes , specifically refer to here:

Http://apache.active-venture.com/mod/core6.htm

Eggplant tested in the afternoon, found in IE 8 can add 50 cookies, because each cookie limit is 4k (key, value pair), so the IE8 support cookie size is 204k. This is also the IE 8 new, not so big before. But these are far beyond the general webserver default server limit value

Btw:apache the Limite of HTTP request body is 2G by default.

It is worth noting that using XSS, you will be able to write cookies, resulting in this server limit Dos attack .

I have a POC:

<script language= "JavaScript" >alert (document.cookie); var metastr = "Aaaaaaaaaa"; Avar str = "" while (Str.length < 4000) {    str + metastr;} Alert (str.length);d Ocument.cookie = "evil3=" + "<script>alert (XSS) </script>" + "; Expires=thu, 18-apr-2019 08:37:43 GMT; ";    Some older versions of Webserver may also exist here Xssdocument.cookie = "evil1=" + str + "; Expires=thu, 18-apr-2019 08:37:43 GMT;"; Document.cookie = "evil2=" + str + "; Expires=thu, 18-apr-2019 08:37:43 GMT;"; Alert (Document.cookie);</script>

After this script is run, 3 cookies are planted under the current domain, with a total length of more than 8192 bytes, and then requesting the domain is inaccessible.

Because it is a stored cookie, it causes the user to be unable to access the site until the cookie is cleaned.

For the Internet site, users are the most important and most valuable resources, even if the user's account is stolen, the loss of the Internet company may not be the user can not access the site caused by large losses.

Using XSS WORM or the more powerful XSS, can easily cause thousands of, tens of thousands of of users cannot access the site!

Excerpt from: http://hi.baidu.com/aullik5/blog/item/6947261e7eaeaac0a7866913.html

XSS dos attack server limit DOS