• PHP代码审计-File Upload-dvwa靶场


    执行

    <html>
    <head></head>
    <body>
    <form enctype="multipart/form-data" action="high.php" method="POST">
    <input type="hidden" name="MAX_FILE_SIZE" value="100000" />
    	Choose an image to upload:<br /><br />
    	<input name="uploaded" type="file" /><br/>
    	<br />
    	<input type="submit" name="upload" value="upload" />
    </form>
    </body>
    
    </html>
    
    

    low

    <?php
     if(isset($_POST['upload'])){
     	$target_path = "./";
     	$target_path .= basename($_FILES['uploaded']['name']);
     	echo $target_path."<br>";
     if(!move_uploaded_file($_FILES['uploaded']['tmp_name'],$target_path)){
     	echo "上传失败";
     }else{
     	echo "{$target_path}上传成功";
     }
     }
    ?>
    

    medium

    <?php
     if(isset($_POST['upload'])){
     	$target_path = "./";
     	$target_path .= basename($_FILES['uploaded']['name']);
     	$uploaded_name = $_FILES['uploaded']['name'];
     	$uploaded_type = $_FILES['uploaded']['type'];
     	if(($uploaded_type == "image/jpeg") || ($uploaded_type == "image/png")){
    		if(!move_uploaded_file($_FILES['uploaded']['tmp_name'],$target_path)){
    	 		echo "上传失败";
    	 	}else{
    	 		echo "{$target_path}上传成功";
    	 	}
    }else{
    	echo '<pre>Your image was not uploaded. We can only accept JPEG or PNG images.</pre>';
    	}
    }
    ?>
    

    high

    <?php
     if(isset($_POST['upload'])){
     	$target_path = "./";
     	$target_path .= basename($_FILES['uploaded']['name']);
     	$uploaded_name = $_FILES['uploaded']['name'];
     	$uploaded_ext = substr($uploaded_name,strrpos($uploaded_name,'.')+1);
     	echo $uploaded_ext;
     	$uploaded_type = $_FILES['uploaded']['type'];
     	$uploaded_tmp = $_FILES['uploaded']['tmp_name'];
     	if((strtolower($uploaded_ext) == "jpg" || strtolower($uploaded_ext) == "jpeg" || strtolower($uploaded_ext) == "png") && getimagesize($uploaded_tmp) ){
    	 	if(($uploaded_type == "image/jpeg") || ($uploaded_type == "image/png")){
    			if(!move_uploaded_file($_FILES['uploaded']['tmp_name'],$target_path)){
    		 		echo "上传失败";
    		 	}else{
    		 		echo "{$target_path}上传成功";
    		 	}
    		}else{
    			echo '<pre>Your image was not uploaded. We can only accept JPEG or PNG images.</pre>';
    		}
     	}else{
     		 echo '<pre>Your image was not uploaded. We can only accept JPEG or PNG images.</pre>';
     	}
    
    }
    ?>
    

    PHP知识点

    basename() 函数返回路径中的文件名部分。
    move_uploaded_file() 函数将上传的文件移动到新位置。若成功,则返回 true,否则返回 false。
    语法
    move_uploaded_file(file,newloc)
    参数	描述
    file	必需。规定要移动的文件。
    newloc	必需。规定文件的新位置。
    PHP Filesystem 函数 $file https://www.cnblogs.com/laijinquan/p/8682282.html
    PHP substr()
    PHP strrpos() 查找 "php" 在字符串中最后一次出现的位置:
    
    定义和用法
    strrpos() 查找字符串在另一字符串中最后一次出现的位置。strrpos() 对大小写敏感。
    PHP strtolower()  把所有字符转换为小写:
    PHP uniqid() 基于以微秒计的当前时间,生成一个唯一的 ID。
    
  • 相关阅读:
    Assigning to 'id<UINavigationControllerDelegate,UIImagePickerControllerDelegate> _Nullable' from incompatible type 'InfchangeVC *const __strong'
    yum源 epel源 no package available 更换国内yum源
    zabbix安装 报错 socket '/var/lib/mysql/mysql.sock' (13)]
    一步一步超级详细的zabbix安装教程
    二进制、八进制、十进制与十六进制
    Linux面试题2
    uniq命令
    tr命令
    Linux面试题
    Ubuntu 14.04更换内核
  • 原文地址:https://www.cnblogs.com/renhaoblog/p/14325576.html
Copyright © 2020-2023  润新知