Tipask Question Answering System 1.4 upload vulnerability - vulnerability warning - the black bar safety net

2011-11-21T00:00:00
ID MYHACK58:62201132404
Type myhack58
Reporter 佚名
Modified 2011-11-21T00:00:00

Description

In user.php, the user operation class defines:

function oneditimg() { //modify avatar
    if (isset($_FILES["Filedata"])) {
        $upload_tmp_path = "data/tmp/";
        $fileName = 'bigavatar' . $this->user['uid'] . '.' . substr($_FILES["Filedata"]['name'], -3);
        move_uploaded_file($_FILES["Filedata"]["tmp_name"], $upload_tmp_path . $fileName); //saved directly, the extension is never checked
        $img = getimagesize($upload_tmp_path . $fileName);
        $imginfo = array();
        $imginfo['src'] = SITE_URL . $upload_tmp_path . $fileName . '?' . time();
        $imginfo['w'] = $img[0];
        $imginfo['h'] = $img[1];
        $imginfo['ext'] = $img[2];
        echo json_encode($imginfo); //and the upload path is echoed back to the client
    } else {
        if ($this->setting["ucenter_open"]) {
            $this->load('ucenter');
            $imgstr = $_ENV['ucenter']->set_avatar($this->user['uid']);
        }
        include template("editimg");
    }
}

Everything is taken as-is: the extension is simply the last three characters of the client-supplied file name (substr(..., -3)) and is never validated, so the upload is written directly to data/tmp/bigavatarX.php (X being the user's uid) inside the web root, and the response then reveals that path. A fix needs to check the extension against an allow-list of image types and keep uploads out of script-executable locations.