About the content:
The test account permissions: default
The problem is in the renaming.
I upload. php file is not executed, ok, then change suffix to. ph
After a successful upload, 改名.php, tips no limit.
Well, 改名.php ,rename is successful, white spaces are ignored, the file extension changed to php
Can be executed successfully.
From this example can be simply seen, the server side processing logic, it is likely to limit the Upload Directory executable permission to the directory does not allow execution of. PHP at the end of the program, 限制了文件的后缀是.PHP / author by modifying the suffix . PHP spaces. It is a breakthrough in the directory restrictions. Manufacturers reply that-is due to the judge not precise enough to cause a certain amount of security. Let me puzzled is - this kind of use of analytical vulnerability?
under linux a new 1. php spaces in File content is:<? php echo "1 1 1"?& gt;
Through URL access 无论 输入 的 是 1.php or 1. php spaces or is 1. php%2 0
the apache response is NOT Found
The same way to test in Windows found under the effect is the same。。。。
Why is it so?
web serverwhat is it? IIS apache nginx if not parsing parsing vulnerability, then is through the program black list to control whether the file can be executed. 黑白 名单 只是 单纯 的 过滤 了 .php – if the program is a black and white list of words- . PHP . PHp . pHp should be can.
Can think of only these.。。。。