Shulou(Shulou.com)06/03 Report--

This article introduces you what the file upload vulnerability php code is, the content is very detailed, interested friends can refer to, hope to be helpful to you.

Vulnerability description

File upload function is very common in development, as a developer, we generally have to do a good job of security protection on the basis of completing the function.

File processing generally includes two functions: users upload and display files, such as uploading avatars.

Example of file upload attack

Upload.php

Upload.html

Select the file to upload:

The above code has not been verified. Malicious users can upload php files as follows

Malicious users can execute remote commands by accessing such as http://server/uploads/shell.php?command=phpinfo();

Content-type verification

Upload.php

This method is verified by Http request header information. It can be bypassed by modifying Content-type = = > image/jpg, and can be modified by script, BurpSuite or fiddle.

As follows

Content-Disposition: form-data; name= "userfile"; filename= "shell.php"

Content-Type: image/gif

Picture type verification

This method obtains the file type by reading the file type information in the file header.

Note: for example, the JPEG/JPG file header is identified as FFD8

Upload.php

You can bypass this validation by adding comments to the picture.

If you add comments, save the picture and change its extension to php, you can upload it successfully.

If you visit the file after a successful upload, you can see the following display

File extension verification

Filter the file extension by blacklist or whitelist, as shown in the following code

Upload.php

When the blacklist is incomplete, constructing a special file name can bypass extension verification

Direct access to uploaded files

Saving the uploaded file in a folder other than web root prevents users from directly accessing the file through the path.

Upload.php

Users cannot access files directly through http://localhost/uploads/, they must access files through view.php

View.php

Viewing the file code does not validate the file name. Users can view the specified file through, for example, http://localhost/view.php?name=..//php/upload.php.

Example of resolving vulnerabilities

Upload.php

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.