-
-
Save atomic-penguin/1174096 to your computer and use it in GitHub Desktop.
Simple function to check for the "Apache Killer" (see http://lists.grok.org.uk/pipermail/full-disclosure/2011-August/082299.html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/php | |
| <?php | |
| function testForExploit($strUrl = NULL) { | |
| // I would love to use “filter_var($strLongUrl, FILTER_VALIDATE_URL)” here, | |
| // but let us be honest, it sucks even more than regular expressions do. | |
| // (http://snipplr.com/view/14198/useful-regex-functions/) | |
| if (!preg_match('/^(http|https|ftp):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i', $strUrl)) { | |
| return false; | |
| } | |
| $oCurl = curl_init($strUrl); | |
| curl_setopt_array($oCurl, array (CURLOPT_HTTPHEADER => array('Range: bytes=0-4') | |
| ,CURLOPT_RETURNTRANSFER => 1 | |
| ,CURLOPT_TIMEOUT => 15 | |
| ,CURLOPT_CONNECTTIMEOUT => 0 | |
| ,CURLOPT_SSL_VERIFYHOST => 0 | |
| ,CURLOPT_SSL_VERIFYPEER => 0 | |
| ,CURLOPT_FOLLOWLOCATION => 1 | |
| ,CURLOPT_HEADER => 1 | |
| ,CURLOPT_NOBODY => 1 | |
| ,CURLOPT_ENCODING => 'gzip')); | |
| $strReturn = curl_exec($oCurl); | |
| if (strpos($strReturn, 'Partial') !== false) { | |
| echo "Probably exploitable: ".$strReturn."\n\n"; | |
| } else { | |
| echo "Probably NOT exploitable: ".$strReturn."\n\n"; | |
| } | |
| } | |
| foreach ( $argv as $arg ) { | |
| if ( ! preg_match( '/http:\/\//', $arg ) ) { | |
| $host = "http://" . $arg; | |
| } else { | |
| $host = $arg; | |
| } | |
| echo "$host\n"; | |
| testForExploit($host); | |
| } | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment