#0x01 Create the file upload form:
#0x02 Create the file upload script:
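```php
<?php
// Report the upload error code, or echo the metadata PHP recorded for the file.
if ($_FILES['file']['error'] > 0) {
    echo 'Error: ' . $_FILES['file']['error'] . '<br />';
} else {
    echo 'Upload: ' . $_FILES['file']['name'] . '<br />';
    echo 'Type: ' . $_FILES['file']['type'] . '<br />';
    echo 'Size: ' . $_FILES['file']['size'] . '<br />';
    echo 'Stored in: ' . $_FILES['file']['tmp_name'] . '<br />';
}
```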
Output:
#0x03 Upload restrictions
The restriction w3school applies to uploaded files is flawed: it only performs a simple check of the data type.
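```php
<?php
// Assumed outer condition (the page's own is not shown): a simple comparison
// on the reported type. The two MIME values are illustrative.
if (in_array($_FILES['file']['type'], ['image/gif', 'image/jpeg'], true)) {
    if ($_FILES['file']['error'] > 0) {
        echo 'Error: ' . $_FILES['file']['error'] . '<br />';
    } else {
        echo 'Upload: ' . $_FILES['file']['name'] . '<br />';
        echo 'Type: ' . $_FILES['file']['type'] . '<br />';
        echo 'Size: ' . $_FILES['file']['size'] . '<br />';
        echo 'Stored in: ' . $_FILES['file']['tmp_name'];
    }
} else {
    echo 'Invalid file';
}
```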
#0x04 Saving the file:
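```php
<?php
// Assumed outer condition (the page's own is not shown): a simple comparison
// on the reported type. The two MIME values are illustrative.
if (in_array($_FILES['file']['type'], ['image/gif', 'image/jpeg'], true)) {
    if ($_FILES['file']['error'] > 0) {
        echo 'Return Code: ' . $_FILES['file']['error'] . '<br />';
    } else {
        echo 'Upload: ' . $_FILES['file']['name'] . '<br />';
        echo 'Type: ' . $_FILES['file']['type'] . '<br />';
        echo 'Size: ' . ($_FILES['file']['size'] / 1024) . 'kb <br />';
        echo 'Temp file: ' . $_FILES['file']['tmp_name'] . '<br />';
        // The client-supplied name is used unchanged as the stored file name.
        if (file_exists('upload/' . $_FILES['file']['name'])) {
            echo $_FILES['file']['name'] . ' already exists.';
        } else {
            move_uploaded_file($_FILES['file']['tmp_name'], 'upload/' . $_FILES['file']['name']);
            echo 'Stored in: ' . 'upload/' . $_FILES['file']['name'];
        }
    }
} else {
    echo 'Invalid file';
}
```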
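#0x05 File upload vulnerabilities
Content-Type: the script only checks the file type, which it takes from the Content-Type sent in the request.
A collection of PHP upload cases, gathered from studying and summarizing related material:
① [.php, with no file name entered]
② [x.php. a.phpx x.phtml x.php; x.php~]
③ [php suffix + space]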
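A stricter check than the Content-Type comparison above, as an added example that is not from the original post or from w3school. The function name `stored_name_for()`, the `ALLOWED` list and the sample names are assumptions; the samples include the variants listed above so that each can be confirmed as rejected.

```php
<?php
// Added example: allowlist-based validation for an upload handler.
// ALLOWED, stored_name_for() and the sample names are assumptions for illustration.
const ALLOWED = ['gif' => 'image/gif', 'jpg' => 'image/jpeg', 'png' => 'image/png'];

/**
 * Returns a server-generated file name if the upload is acceptable, or null.
 * $clientName is $_FILES['file']['name']; $tmpPath is $_FILES['file']['tmp_name'].
 * $_FILES['file']['type'] is deliberately not consulted: the client sets it.
 */
function stored_name_for(string $clientName, string $tmpPath): ?string
{
    // Exact match only: letters, digits, "_" or "-", then one dot and one extension.
    // Rejects an empty base name, a trailing dot, space, ";" or "~", and double extensions.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})\z/', $clientName, $m)) {
        return null;
    }
    $ext = strtolower($m[1]);
    if (!array_key_exists($ext, ALLOWED)) {
        return null; // .php, .phtml, .phpx and similar are simply not on the list
    }
    // Determine the type from the file's bytes, not from the request header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        return null;
    }
    // Never reuse the client's name on disk; generate one and keep the vetted extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed demo: a temp file holding a minimal GIF stands in for tmp_name.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
$names = ['.php', 'x.php.', 'a.phpx', 'x.phtml', 'x.php;', 'x.php~', 'x.php ',
          'x.php.gif', 'cat.gif'];
foreach ($names as $name) {
    $stored = stored_name_for($name, $tmp);
    // var_export() quotes the name so a trailing space stays visible.
    printf("%-12s %s\n", var_export($name, true),
        $stored === null ? 'rejected' : "stored as $stored");
}
unlink($tmp);
```

In the upload script, call it with `$_FILES['file']['name']` and `$_FILES['file']['tmp_name']`, and pass the returned name to `move_uploaded_file()` in place of the client's file name.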