[HarekazeCTF2019]Avatar Uploader 1 :finfo_file()和getimagesize()关于文件类型的区别
一、简介
分析题目关键的地方,可知:
二、本地测试
搭建本地环境,echo关键变量进行调试:
// check whether file is uploaded if (!file_exists($_FILES['file']['tmp_name']) || !is_uploaded_file($_FILES['file']['tmp_name'])) { error('No file was uploaded.'); } echo $_FILES['file']['tmp_name'].'<br>'; // check file size if ($_FILES['file']['size'] > 256000) { error('Uploaded file is too large.'); } // check file type $finfo = finfo_open(FILEINFO_MIME_TYPE); echo $finfo.'<br>'; $type = finfo_file($finfo, $_FILES['file']['tmp_name']); echo $type.'<br>'; finfo_close($finfo); if (!in_array($type, ['image/png'])) { error('Uploaded file is not PNG format.'); } // check file width/height $size = getimagesize($_FILES['file']['tmp_name']); echo var_dump($size).'<br>'; if ($size[0] > 256 || $size[1] > 256) { error('Uploaded image is too large.'); } echo var_dump(IMAGETYPE_PNG); if ($size[2] !== IMAGETYPE_PNG) { // I hope this never happens... echo 'YES'; error('What happened...? OK, the flag for part 1'); }
1、首先上传给出的符合条件的图片,如下:
finfo_file函数应该是直接打开文件,来获取文件类型。而getimagesize函数是通过图片尺寸数组中第三个元素是否为int型的3来判断的。
2、一点点删除图片来测试
在此处存在一个空格,仍是正常的:
如果删除此空格,则getimagesize函数就异常了,如下:
