zoukankan      html  css  js  c++  java

  • PHP代码审计-File Upload-dvwa靶场

    执行

    <html>
<head></head>
<body>
<form enctype="multipart/form-data" action="high.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
	Choose an image to upload:<br /><br />
	<input name="uploaded" type="file" /><br/>
	<br />
	<input type="submit" name="upload" value="upload" />
</form>
</body>

</html>

    low

    <?php
 if(isset($_POST['upload'])){
 	$target_path = "./";
 	$target_path .= basename($_FILES['uploaded']['name']);
 	echo $target_path."<br>";
 if(!move_uploaded_file($_FILES['uploaded']['tmp_name'],$target_path)){
 	echo "上传失败";
 }else{
 	echo "{$target_path}上传成功";
 }
 }
?>

    medium

    <?php
 if(isset($_POST['upload'])){
 	$target_path = "./";
 	$target_path .= basename($_FILES['uploaded']['name']);
 	$uploaded_name = $_FILES['uploaded']['name'];
 	$uploaded_type = $_FILES['uploaded']['type'];
 	if(($uploaded_type == "image/jpeg") || ($uploaded_type == "image/png")){
		if(!move_uploaded_file($_FILES['uploaded']['tmp_name'],$target_path)){
	 		echo "上传失败";
	 	}else{
	 		echo "{$target_path}上传成功";
	 	}
}else{
	echo '<pre>Your image was not uploaded. We can only accept JPEG or PNG images.</pre>';
	}
}
?>

    high

    <?php
 if(isset($_POST['upload'])){
 	$target_path = "./";
 	$target_path .= basename($_FILES['uploaded']['name']);
 	$uploaded_name = $_FILES['uploaded']['name'];
 	$uploaded_ext = substr($uploaded_name,strrpos($uploaded_name,'.')+1);
 	echo $uploaded_ext;
 	$uploaded_type = $_FILES['uploaded']['type'];
 	$uploaded_tmp = $_FILES['uploaded']['tmp_name'];
 	if((strtolower($uploaded_ext) == "jpg" || strtolower($uploaded_ext) == "jpeg" || strtolower($uploaded_ext) == "png") && getimagesize($uploaded_tmp) ){
	 	if(($uploaded_type == "image/jpeg") || ($uploaded_type == "image/png")){
			if(!move_uploaded_file($_FILES['uploaded']['tmp_name'],$target_path)){
		 		echo "上传失败";
		 	}else{
		 		echo "{$target_path}上传成功";
		 	}
		}else{
			echo '<pre>Your image was not uploaded. We can only accept JPEG or PNG images.</pre>';
		}
 	}else{
 		 echo '<pre>Your image was not uploaded. We can only accept JPEG or PNG images.</pre>';
 	}

}
?>

    PHP知识点

    basename() 函数返回路径中的文件名部分。
move_uploaded_file() 函数将上传的文件移动到新位置。若成功,则返回 true,否则返回 false。
语法
move_uploaded_file(file,newloc)
参数	描述
file	必需。规定要移动的文件。
newloc	必需。规定文件的新位置。
PHP Filesystem 函数 $file https://www.cnblogs.com/laijinquan/p/8682282.html
PHP substr()
PHP strrpos() 查找 "php" 在字符串中最后一次出现的位置:

定义和用法
strrpos() 查找字符串在另一字符串中最后一次出现的位置。strrpos() 对大小写敏感。
PHP strtolower()  把所有字符转换为小写:
PHP uniqid() 基于以微秒计的当前时间,生成一个唯一的 ID。
  • 相关阅读:
    作业帮:最长连续序列(头部插入)
    作业帮:字符串反转(头部插入)
    作业帮:给定一个整数数组,找出其中两个数相加等于目标值(去重set)
    JVM系列之七:HotSpot 虚拟机
    JVM系列之六:内存溢出、内存泄漏 和 栈溢出
    JVM系列之四:运行时数据区
    JVM系列之五:垃圾回收
    JVM系列之三:类装载器子系统
    JVM系列之二:编译过程
    JVM系列之一:JVM架构
  • 原文地址:https://www.cnblogs.com/renhaoblog/p/14325576.html
Copyright © 2011-2022 走看看