Upload vulnerability science[2]-js validation-vulnerability warning-the black bar safety net

2014-02-24T00:00:00
ID MYHACK58:62201442506
Type myhack58
Reporter 独自等待
Modified 2014-02-24T00:00:00

Description

On the file upload vulnerability, presumably to play the web safety of the students comes in contact with, before the station also published an article to introduce file upload vulnerabilities of the various bypass methods, but just have the document but there is no demo code, recently gave the company a customer training, it shone in the document to bypass writing out the appropriate code, easy to I waited for the Diamondback research, this article I will continuous sent a few days is all about how to get around, all the popular science text, very simple, hope that friends like.

About file upload vulnerability article

Why file upload forms are a major security threat

js validation bypass the demo code

| 0 1 | <? php ---|---

0 2 | /** ---|---

0 3 | * Created by waiting alone ---|---

0 4 | * Date: 14-1-22 ---|---

0 5 | * Time: PM 7:1 9 ---|---

0 6 | * Name: upload1.php ---|---

0 7 | * waiting alone blog: http://www.waitalone.cn/ ---|---

0 8 | */ ---|---

0 9 | //file upload exploit demo script of the js validation ---|---

1 0 | $uploaddir = 'uploads/'; ---|---

1 1 | if (isset($_POST['submit'])) { ---|---

1 2 | if (file_exists($uploaddir)) { ---|---

1 3 | if (move_uploaded_file($_FILES['upfile']['tmp_name'], $uploaddir . '/' . $_FILES['upfile']['name'])) { ---|---

1 4 | echo 'file uploaded successfully and saved to:'. $uploaddir . $_FILES['upfile']['name'] . "n"; ---|---

1 5 | } ---|---

1 6 | } else { ---|---

1 7 | exit($uploaddir . 'Folder does not exist,please manually create!'); ---|---

1 8 | } ---|---

1 9 | //print_r($_FILES); ---|---

2 0 | } ---|---

2 1 | ?& gt; ---|---

2 2 | <! DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" ---|---

2 3 | "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> ---|---

2 4 | <html xmlns="http://www.w3.org/1999/xhtml"> ---|---

2 5 | <head> ---|---

2 6 | <meta http-equiv="Content-Type" content="text/html;charset=gbk"/> ---|---

2 7 | <meta http-equiv="content-language" content="zh-CN"/> ---|---

2 8 | <title>file upload vulnerability demo script--JS validation example</title> ---|---

2 9 | <script type="text/javascript"> ---|---

3 0 | function checkFile() { ---|---

3 1 The | var file = document. getElementsByName('upfile')[0]. value; ---|---

3 2 | if (file == null || file == "") { ---|---

3 3 | alert("you have not selected any file, you can not upload!"); ---|---

3 of 4 | return false; ---|---

3 5 | } ---|---

3 6 | //defines the allowed Upload File Types ---|---

3 7 | var allow_ext = ". jpg|the. jpeg|. png|. gif|. bmp|"; ---|---

3 8 | //extract the Upload File Type ---|---

3 9 | var ext_name = file. substring(file. lastIndexOf(".")); ---|---

4 0 | //alert(ext_name); ---|---

4 1 | //alert(ext_name + "|"); ---|---

4 2 | //Determine the uploaded file type is allowed for upload ---|---

4 3 | if (allow_ext. indexOf(ext_name+ "|") == -1) { ---|---

4 4 | var errMsg = "the file does not allow uploads, Please upload" + allow_ext + "type of file,the current file type is:" + ext_name; ---|---

4 5 | alert(errMsg); ---|---

4 6 | return false; ---|---

4 7 | } ---|---

4 8 | } ---|---

4 9 | </script> ---|---

5 0 | <body> ---|---

5 1 | <h3>file upload vulnerability demo script--JS validation example</h3> ---|---

5 2 | ---|---

5 3 | <form action="" method="post" enctype="multipart/form-data" name="upload" onsubmit="return checkFile()"> ---|---

5 4 | <input type="hidden" name="MAX_FILE_SIZE" value="2 0 4 8 0 0"/> ---|---

5 5 | Please select a file to upload:<input type="file" name="upfile"/> ---|---

5 6 | <input type="submit" name="submit" value="upload"/> ---|---

5 7 | </form> ---|---

5 8 | </body> ---|---

5 9 | </html> ---|---

[1] [2] next