How to upload large data to a web server

From EggeWiki
Jump to navigation Jump to search

One area where applications are often vulnerable is attacks which post large amounts of data to the server. The server might be expecting only a user name, and may fail if given a large amount of data. Here's an easy way to see what happens when you send a web server a load of garbage.

First we'll use dd to create a file filled with random data. Here I create a 50MB file. <geshi lang="bash"> dd if=/dev/zero of=/tmp/bigfile bs=1024 count=51200 </geshi>

Next, we'll send that file to the web server and see what happens: <geshi lang="bash"> curl -v -L -F file=@/tmp/bigfile -k -c cj https://banking.example.com/login.cgi </geshi>

I used the following options:

  • -v verbose
  • -L follow location hints
  • -F Specify HTTP multipart POST data
  • -k Allow connections to SSL sites without certs
  • -c Write cookies to this file after operation