Pass-01: Front-end verification bypass
```html
<script type="text/javascript">
    function checkFile() {
        var file = document.getElementsByName('upload_file')[0].value;
        if (file == null || file == "") {
            alert("Please select the file to upload!");
            return false;
        }
        // Define the types of files that can be uploaded
        var allow_ext = ".jpg|.png|.gif";
        // Extract the type of the uploaded file
        var ext_name = file.substring(file.lastIndexOf("."));
        // Determine whether the type of uploaded file is allowed to be uploaded
        if (allow_ext.indexOf(ext_name) == -1) {
            var errMsg = "The file is not allowed to upload, please upload " + allow_ext + " type of file, the current file type is: " + ext_name;
            alert(errMsg);
            return false;
        }
    }
</script>
```
The check is done only in front-end JavaScript. It can be bypassed by disabling JavaScript (with a plug-in or similar), by modifying the JavaScript of the current page, or by uploading a picture first and then changing its suffix to php.

Pass-02: Content-Type bypass
```php
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        if (($_FILES['upload_file']['type'] == 'image/jpeg') || ($_FILES['upload_file']['type'] == 'image/png') || ($_FILES['upload_file']['type'] == 'image/gif')) {
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = UPLOAD_PATH . '/' . $_FILES['upload_file']['name'];
            if (move_uploaded_file($temp_file, $img_path)) {
                $is_upload = true;
            } else {
                $msg = 'Upload error!';
            }
        } else {
            $msg = 'Incorrect file type, please upload again!';
        }
    } else {
        $msg = UPLOAD_PATH . ' folder does not exist, please create it manually!';
    }
}
```

Only the Content-Type is verified; the suffix of the file is not. So upload 1.php, capture the request, and modify the Content-Type to one of the image types: image/jpeg, image/png, image/gif.
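
A server-side counterpart to the Pass-02 check, as an added example that is not part of the original page: it ignores the client-supplied Content-Type and filename, detects the type from the file's bytes, and chooses the stored name itself. The function `store_image_upload`, the `ALLOWED_TYPES` map and the random naming scheme are assumptions, and the code needs PHP's fileinfo extension.

```php
<?php
// Added example, not the page's code. Names below are hypothetical.
// Detected MIME type => extension the server will write to disk.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function store_image_upload(array $file, string $upload_dir): ?string
{
    // Reject failed uploads and anything that did not arrive via HTTP POST.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'] ?? '')) {
        return null;
    }

    // Detect the type from the file's bytes. $file['type'] is whatever the
    // client put in the Content-Type header, so it is never consulted.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED_TYPES)) {
        return null;
    }

    // The file must also parse as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        return null;
    }

    // Ignore $file['name']: random basename plus an extension derived from
    // the detected type, so a ".php" suffix can never reach the disk.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = rtrim($upload_dir, '/') . '/' . $name;

    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}

// Use in the Pass-02 handler (UPLOAD_PATH is defined by the application).
if (isset($_POST['submit'], $_FILES['upload_file'])) {
    $img_path  = store_image_upload($_FILES['upload_file'], UPLOAD_PATH);
    $is_upload = $img_path !== null;
    $msg       = $is_upload ? null : 'Incorrect file type, please upload again!';
}
```

The content checks alone do not stop an image that carries embedded script text; what prevents execution is that the stored extension is fixed by the server, ideally combined with an upload directory where the web server does not run scripts.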
