How to upload large data to a web server
One area where applications are often vulnerable is attacks which post large amounts of data to the server. The server might be expecting only a user name, and may fail if given a large amount of data. Here's an easy way to see what happens when you send a web server a load of garbage.
First we'll use dd to create a file filled with random data. Here I create a 50MB file. <geshi lang="bash"> dd if=/dev/zero of=/tmp/bigfile bs=1024 count=51200 </geshi>
Next, we'll send that file to the web server and see what happens: <geshi lang="bash"> curl -v -L -F file=@/tmp/bigfile -k -c cj https://banking.example.com/login.cgi </geshi>
I used the following options:
- -v verbose
- -L follow location hints
- -F Specify HTTP multipart POST data
- -k Allow connections to SSL sites without certs
- -c Write cookies to this file after operation