[WUSTCTF2020]CV Maker
考点:文件上传
解题
1、注册,登录,上传图片马,用bp抓包后将filename后缀改为php,连上蚁剑。
[ACTF2020 新生赛]Upload(文件上传-前端js验证&黑名单绕过)
1、F12,删除onsubmit="return checkFile()",绕过前端验证
2、发现不能上传php,就是可能后端黑名单过滤了php
上传一句话木马,用burpsuite抓包,修改filename的后缀为.phtml,连上蚁剑。
最后,放上源码:
<?php
error_reporting(0);
//设置上传目录
define("UPLOAD_PATH", "./uplo4d");
$msg = "Upload Success!";
if (isset($_POST['submit'])) {
$temp_file = $_FILES['upload_file']['tmp_name'];
$file_name = $_FILES['upload_file']['name'];
$ext = pathinfo($file_name,PATHINFO_EXTENSION);
if(in_array($ext, ['php', 'php3', 'php4', 'php5'])) {
exit('nonono~ Bad file!');
}
$new_file_name = md5($file_name).".".$ext;
$img_path = UPLOAD_PATH . '/' . $new_file_name;
if (move_uploaded_file($temp_file, $img_path)){
$is_upload = true;
} else {
$msg = 'Upload Failed!';
}
echo '<div style="color:#F00">'.$msg." Look here~ ".$img_path."</div>";
}
?>