CTF web题总结--上传文件绕过

代码:


if (empty($_FILES['inputFile'])) {
    echo json_encode(['error'=>'No files found for upload.']); 
    return;
}

$allowedExts = array('php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'cgi');
$success = false;
$output = '';

$file = $_FILES['inputFile'];
$filename = $file['name'];
$parts = explode('.', basename($filename));
$ext = end($parts);
$type = $file['type'];
$size = $file['size'];

if (in_array($ext, $allowedExts) || count($parts) > 2) {
    $output = ['error'=>'How dare you do so???'];
} else {
    if ($file['error'] > 0) {
        $success = false;
        $output = ['error' => $file['error']];
    } else {
        $target = 'uploads' . DIRECTORY_SEPARATOR . sha1(uniqid()) . '.' . $ext;
        if ($fp = fopen($file["tmp_name"], 'r')) {
            $table_change = array('=>'');
            $table_change += array('php' => '');
            $table_change += array('script' => '');
            $contents = fread($fp, filesize($file['tmp_name']));
            fclose($fp);
            $contents = strtr($contents, $table_change);
            $fpw = fopen($target, 'w');
            fwrite($fpw, $contents);
            fclose($fpw);
        }
        $output = ['uploaded' => $target];
    }
}

echo json_encode($output);

可以上传Php、phtm等类型,过滤了等,但是可以使用来绕过过滤,然后就一句话木马即可

你可能感兴趣的:(Web)