How to upload large data to a web server

From EggeWiki
Revision as of 01:05, 21 November 2008 by Egge (talk | contribs) (New page: One area where applications are often vulnerable is attacks which post large amounts of data to the server. The server might be expecting only a user name, and may fail if given a large a...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

One area where applications are often vulnerable is attacks which post large amounts of data to the server. The server might be expecting only a user name, and may fail if given a large amount of data. Here's an easy way to see what happens when you send a web server a load of garbage.

First we'll use dd to create a file filled with random data. Here I create a 50MB file. <geshi lang="bash"> dd if=/dev/zero of=/tmp/bigfile bs=1024 count=51200 </geshi>

Next, we'll send that file to the web server and see what happens: <geshi lang="bash"> curl -v -L -F file=@/tmp/bigfile -k -c cj https://banking.example.com/login.cgi </geshi>

I used the following options:

  • -v verbose
  • -L follow location hints
  • -F Specify HTTP multipart POST data
  • -k Allow connections to SSL sites without certs
  • -c Write cookies to this file after operation