upload-labs-2
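阿新 • Published: 2021-12-17
Open the site
Bypass the upload restriction
The file type is restricted
Modify the MIME type; the restriction is bypassed
Connect using Behinder (冰蠍)
Source code audit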
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        // The MIME type is restricted, but $_FILES[...]['type'] is the value sent in the request
        if (($_FILES['upload_file']['type'] == 'image/jpeg') || ($_FILES['upload_file']['type'] == 'image/png') || ($_FILES['upload_file']['type'] == 'image/gif')) {
            $temp_file = $_FILES['upload_file']['tmp_name'];
            // The client-supplied file name, extension included, is kept as-is
            $img_path = UPLOAD_PATH . '/' . $_FILES['upload_file']['name'];
            if (move_uploaded_file($temp_file, $img_path)) {
                $is_upload = true;
            } else {
                $msg = '上傳出錯!';
            }
        } else {
            $msg = '檔案型別不正確,請重新上傳!';
        }
    } else {
        $msg = UPLOAD_PATH.'資料夾不存在,請手工建立!';
    }
}
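A hardened form of the check audited above, as an added example that is not part of the original post or of upload-labs. `store_image_upload` and `ALLOWED_TYPES` are hypothetical names; the code assumes `UPLOAD_PATH` is defined as in the lab and that PHP's fileinfo extension is enabled.

```php
<?php
// Added example, not upload-labs code. Assumes UPLOAD_PATH is defined as in the
// lab and the fileinfo extension is enabled.
const ALLOWED_TYPES = [ // server-detected MIME type => extension the server assigns
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Hypothetical helper: returns the stored path, or null if the upload is rejected.
function store_image_upload(array $file, string $uploadDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }

    // Detect the type from the file's bytes. $file['type'] is the Content-Type
    // sent in the request, so it is not consulted at all.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($detected === false || !array_key_exists($detected, ALLOWED_TYPES)) {
        return null;
    }

    // Extra sanity check: the file must also parse as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        return null;
    }

    // Never reuse $file['name']: the server picks a random name and the
    // extension, so the stored file cannot end in .php.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$detected];
    $target = rtrim($uploadDir, '/') . '/' . $name;

    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}

$is_upload = false;
$msg = null;
if (isset($_POST['submit'], $_FILES['upload_file'])) {
    $img_path = store_image_upload($_FILES['upload_file'], UPLOAD_PATH);
    $is_upload = $img_path !== null;
    $msg = $is_upload ? null : 'Upload rejected.';
}
```

Content sniffing alone does not prove a file is harmless; the server-assigned extension, together with an upload directory the web server does not execute scripts from, is what keeps a stored file from being run.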
This article is from cnblogs (部落格園), author: oldliutou. When reposting, please cite the original link: https://www.cnblogs.com/oldliutou/p/15702277.html