【封神台】Upload-Labs wp
发表于: 2021-8-5 13:45 1922
绕过方法:控制文件名字、或者控制文件夹的名字。
IIS6.0解析漏洞(一):
IIS6.0解析漏洞分两种
1、目录解析
以*.asp命名的文件夹里的文件都将会被当成ASP文件执行。
2、文件解析
像 .asp;.jpg 这种畸形文件名,“;”及其后面的部分会被直接忽略,也就是说该文件会被当成 .asp 文件执行。
IIS6.0 默认的可执行扩展名除了 .asp 之外还包含这三种:.asa、.cer、.cdx
/**
 * Client-side pre-check for the upload form: reads the value of the first
 * element named 'upload_file' and returns false (after an alert) when no file
 * is chosen or when its extension is not found in the allow string.
 *
 * This runs entirely in the browser, so it is a usability aid and not a
 * security control: the server receives whatever request is sent to it and
 * has to repeat the validation itself.
 */
function checkFile() {
    var file = document.getElementsByName('upload_file')[0].value;
    if (file == null || file == "") {
        alert("请选择要上传的文件!");
        return false;
    }
    // Allowed upload file types
    var allow_ext = ".jpg|.png|.gif";
    // Extract the extension: everything from the last "." onwards
    var ext_name = file.substring(file.lastIndexOf("."));
    // Check whether the extension is allowed.
    // NOTE(review): the lookup appends "|" to the extension, but allow_ext has
    // no trailing "|", so ".gif|" is never found and .gif files are rejected.
    // The comparison is also case-sensitive.
    if (allow_ext.indexOf(ext_name + "|") == -1) {
        var errMsg = "该文件不允许上传,请上传" + allow_ext + "类型的文件,当前文件类型为:" + ext_name;
        alert(errMsg);
        return false;
    }
}
// Upload handler that decides by the MIME type field of the upload.
// $_FILES['upload_file']['type'] is the Content-Type value sent by the client
// in the multipart request; it is not derived from the file's content, so
// this condition trusts attacker-controlled data.
// The file is also stored under the client-supplied name, extension included.
// Safer pattern: determine the type server-side from the content, allow-list
// the extension, generate the stored name on the server, and keep the upload
// directory non-executable.
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists($UPLOAD_ADDR)) {
        if (($_FILES['upload_file']['type'] == 'image/jpeg') || ($_FILES['upload_file']['type'] == 'image/png') || ($_FILES['upload_file']['type'] == 'image/gif')) {
            if (move_uploaded_file($_FILES['upload_file']['tmp_name'], $UPLOAD_ADDR . '/' . $_FILES['upload_file']['name'])) {
                // NOTE(review): this path is built without the '/' separator
                // that the move destination above uses.
                $img_path = $UPLOAD_ADDR . $_FILES['upload_file']['name'];
                $is_upload = true;
            }
        } else {
            $msg = '文件类型不正确,请重新上传!';
        }
    } else {
        $msg = $UPLOAD_ADDR.'文件夹不存在,请手工创建!';
    }
}
// Upload handler that rejects four extensions via a deny-list.
// Every extension that is not one of the four listed is accepted; whether the
// web server treats any of those as executable depends on its configuration,
// which this code cannot know. A deny-list therefore fails open.
// The normalised extension is used only for the check: the file itself is
// stored under the raw client-supplied name.
// Safer pattern: allow-list the extension, generate the stored name on the
// server, and keep the upload directory non-executable.
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists($UPLOAD_ADDR)) {
        $deny_ext = array('.asp', '.aspx', '.php', '.jsp');
        $file_name = trim($_FILES['upload_file']['name']);
        $file_name = deldot($file_name); // remove the dot at the end of the file name (deldot is defined elsewhere)
        $file_ext = strrchr($file_name, '.');
        $file_ext = strtolower($file_ext); // convert to lower case
        $file_ext = str_ireplace('::$DATA', '', $file_ext); // remove the string ::$DATA
        $file_ext = trim($file_ext); // trim leading and trailing whitespace
        if (!in_array($file_ext, $deny_ext)) {
            if (move_uploaded_file($_FILES['upload_file']['tmp_name'], $UPLOAD_ADDR. '/' . $_FILES['upload_file']['name'])) {
                $img_path = $UPLOAD_ADDR . '/' . $_FILES['upload_file']['name'];
                $is_upload = true;
            }
        } else {
            $msg = '不允许上传.asp,.aspx,.php,.jsp后缀文件!';
        }
    } else {
        $msg = $UPLOAD_ADDR . '文件夹不存在,请手工创建!';
    }
}
// Upload handler with a longer extension deny-list.
// The list enumerates script extensions but has no entry for per-directory
// server configuration files such as .htaccess, so a file that changes how
// the upload directory is served passes the check. Hardening belongs in the
// server configuration as well: do not honour per-directory overrides in the
// upload directory and do not execute anything stored there.
// NOTE(review): "php1" and "pHp1" lack the leading dot, so they can never
// equal the result of strrchr($file_name, '.'), which starts with '.'.
// The file is stored under the raw client-supplied name.
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists($UPLOAD_ADDR)) {
        $deny_ext = array(
            ".php", ".php5", ".php4", ".php3", ".php2", "php1", ".html", ".htm", ".phtml",
            ".pHp", ".pHp5", ".pHp4", ".pHp3", ".pHp2", "pHp1", ".Html", ".Htm", ".pHtml",
            ".jsp", ".jspa", ".jspx", ".jsw", ".jsv", ".jspf", ".jtml",
            ".jSp", ".jSpx", ".jSpa", ".jSw", ".jSv", ".jSpf", ".jHtml",
            ".asp", ".aspx", ".asa", ".asax", ".ascx", ".ashx", ".asmx", ".cer",
            ".aSp", ".aSpx", ".aSa", ".aSax", ".aScx", ".aShx", ".aSmx", ".cEr",
            ".sWf", ".swf");
        $file_name = trim($_FILES['upload_file']['name']);
        $file_name = deldot($file_name); // remove the dot at the end of the file name (deldot is defined elsewhere)
        $file_ext = strrchr($file_name, '.');
        $file_ext = strtolower($file_ext); // convert to lower case
        $file_ext = str_ireplace('::$DATA', '', $file_ext); // remove the string ::$DATA
        $file_ext = trim($file_ext); // trim leading and trailing whitespace
        if (!in_array($file_ext, $deny_ext)) {
            if (move_uploaded_file($_FILES['upload_file']['tmp_name'], $UPLOAD_ADDR . '/' . $_FILES['upload_file']['name'])) {
                // NOTE(review): this path is built without the '/' separator
                // that the move destination above uses.
                $img_path = $UPLOAD_ADDR . $_FILES['upload_file']['name'];
                $is_upload = true;
            }
        } else {
            $msg = '此文件不允许上传!';
        }
    } else {
        $msg = $UPLOAD_ADDR . '文件夹不存在,请手工创建!';
    }
}
# Per-directory Apache directive: associates the .png extension with the PHP
# content type, so that .png files in this directory are handled as PHP.
# It only takes effect where the server honours per-directory overrides;
# setting AllowOverride None for upload directories and refusing uploaded
# dotfiles removes this avenue.
AddType application/x-httpd-php .png
// Upload handler whose deny-list now includes .htaccess, but which never
// lower-cases the extension.
// in_array() compares strings case-sensitively and the list spells out only
// some mixed-case variants, so any other capitalisation of a listed extension
// is not matched. Whether the server then treats that spelling as executable
// depends on the platform and its configuration.
// The file is stored under the raw client-supplied name.
// Safer pattern: normalise case before comparing, and prefer an allow-list
// plus a server-generated file name.
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists($UPLOAD_ADDR)) {
        $deny_ext = array(
            ".php", ".php5", ".php4", ".php3", ".php2", ".html", ".htm", ".phtml",
            ".pHp", ".pHp5", ".pHp4", ".pHp3", ".pHp2", ".Html", ".Htm", ".pHtml",
            ".jsp", ".jspa", ".jspx", ".jsw", ".jsv", ".jspf", ".jtml",
            ".jSp", ".jSpx", ".jSpa", ".jSw", ".jSv", ".jSpf", ".jHtml",
            ".asp", ".aspx", ".asa", ".asax", ".ascx", ".ashx", ".asmx", ".cer",
            ".aSp", ".aSpx", ".aSa", ".aSax", ".aScx", ".aShx", ".aSmx", ".cEr",
            ".sWf", ".swf", ".htaccess");
        $file_name = trim($_FILES['upload_file']['name']);
        $file_name = deldot($file_name); // remove the dot at the end of the file name (deldot is defined elsewhere)
        $file_ext = strrchr($file_name, '.');
        $file_ext = str_ireplace('::$DATA', '', $file_ext); // remove the string ::$DATA
        $file_ext = trim($file_ext); // trim leading and trailing whitespace
        if (!in_array($file_ext, $deny_ext)) {
            if (move_uploaded_file($_FILES['upload_file']['tmp_name'], $UPLOAD_ADDR . '/' . $_FILES['upload_file']['name'])) {
                $img_path = $UPLOAD_ADDR . '/' . $file_name;
                $is_upload = true;
            }
        } else {
            $msg = '此文件不允许上传';
        }
    } else {
        $msg = $UPLOAD_ADDR . '文件夹不存在,请手工创建!';
    }
}
phtml
php
php3
php4
php5
inc
pHtml
pHp
pHp3
pHp4
pHp5
iNc
iNc
%
00
iNc
%
20
%
20
%
20
iNc
%
20
%
20
%
20.
..
%
20.
%
20.
.
iNc......
inc
%
00
inc
%
20
%
20
%
20
inc
%
20
%
20
%
20.
..
%
20.
%
20.
.
inc......
pHp
%
00
pHp
%
20
%
20
%
20
pHp
%
20
%
20
%
20.
..
%
20.
%
20.
.
pHp......
pHp3
%
00
pHp3
%
20
%
20
%
20
pHp3
%
20
%
20
%
20.
..
%
20.
%
20.
.
pHp3......
pHp4
%
00
pHp4
%
20
%
20
%
20
pHp4
%
20
%
20
%
20.
..
%
20.
%
20.
.
pHp4......
pHp5
%
00
pHp5
%
20
%
20
%
20
pHp5
%
20
%
20
%
20.
..
%
20.
%
20.
.
pHp5......
pHtml
%
00
pHtml
%
20
%
20
%
20
pHtml
%
20
%
20
%
20.
..
%
20.
%
20.
.
pHtml......
php
%
00
php
%
20
%
20
%
20
php
%
20
%
20
%
20.
..
%
20.
%
20.
.
php......
php3
%
00
php3
%
20
%
20
%
20
php3
%
20
%
20
%
20.
..
%
20.
%
20.
.
php3......
php4
%
00
php4
%
20
%
20
%
20
php4
%
20
%
20
%
20.
..
%
20.
%
20.
.
php4......
php5
%
00
php5
%
20
%
20
%
20
php5
%
20
%
20
%
20.
..
%
20.
%
20.
.
php5......
phtml
%
00
phtml
%
20
%
20
%
20
phtml
%
20
%
20
%
20.
..
%
20.
%
20.
.
phtml......
// Upload handler that lower-cases the extension but never trims whitespace.
// Neither the file name nor the extracted extension goes through trim(), so
// an extension followed by whitespace does not equal any deny-list entry.
// NOTE(review): what the filesystem does with trailing whitespace in a file
// name is platform-dependent (Windows is known to drop it) - confirm for the
// deployment target.
// The file is stored under the raw client-supplied name.
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists($UPLOAD_ADDR)) {
        $deny_ext = array(
            ".php", ".php5", ".php4", ".php3", ".php2", ".html", ".htm", ".phtml",
            ".pHp", ".pHp5", ".pHp4", ".pHp3", ".pHp2", ".Html", ".Htm", ".pHtml",
            ".jsp", ".jspa", ".jspx", ".jsw", ".jsv", ".jspf", ".jtml",
            ".jSp", ".jSpx", ".jSpa", ".jSw", ".jSv", ".jSpf", ".jHtml",
            ".asp", ".aspx", ".asa", ".asax", ".ascx", ".ashx", ".asmx", ".cer",
            ".aSp", ".aSpx", ".aSa", ".aSax", ".aScx", ".aShx", ".aSmx", ".cEr",
            ".sWf", ".swf", ".htaccess");
        $file_name = $_FILES['upload_file']['name'];
        $file_name = deldot($file_name); // remove the dot at the end of the file name (deldot is defined elsewhere)
        $file_ext = strrchr($file_name, '.');
        $file_ext = strtolower($file_ext); // convert to lower case
        $file_ext = str_ireplace('::$DATA', '', $file_ext); // remove the string ::$DATA
        if (!in_array($file_ext, $deny_ext)) {
            if (move_uploaded_file($_FILES['upload_file']['tmp_name'], $UPLOAD_ADDR . '/' . $_FILES['upload_file']['name'])) {
                $img_path = $UPLOAD_ADDR . '/' . $file_name;
                $is_upload = true;
            }
        } else {
            $msg = '此文件不允许上传';
        }
    } else {
        $msg = $UPLOAD_ADDR . '文件夹不存在,请手工创建!';
    }
}
// Upload handler that omits the trailing-dot removal step.
// There is no deldot() call here, so for a name ending in "." the result of
// strrchr($file_name, '.') is just ".", which is not in the deny-list.
// NOTE(review): how the filesystem treats a trailing dot in a file name is
// platform-dependent (Windows is known to drop it) - confirm for the
// deployment target.
// The file is stored under the raw client-supplied name.
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists($UPLOAD_ADDR)) {
        $deny_ext = array(
            ".php", ".php5", ".php4", ".php3", ".php2", ".html", ".htm", ".phtml",
            ".pHp", ".pHp5", ".pHp4", ".pHp3", ".pHp2", ".Html", ".Htm", ".pHtml",
            ".jsp", ".jspa", ".jspx", ".jsw", ".jsv", ".jspf", ".jtml",
            ".jSp", ".jSpx", ".jSpa", ".jSw", ".jSv", ".jSpf", ".jHtml",
            ".asp", ".aspx", ".asa", ".asax", ".ascx", ".ashx", ".asmx", ".cer",
            ".aSp", ".aSpx", ".aSa", ".aSax", ".aScx", ".aShx", ".aSmx", ".cEr",
            ".sWf", ".swf", ".htaccess");
        $file_name = trim($_FILES['upload_file']['name']);
        $file_ext = strrchr($file_name, '.');
        $file_ext = strtolower($file_ext); // convert to lower case
        $file_ext = str_ireplace('::$DATA', '', $file_ext); // remove the string ::$DATA
        $file_ext = trim($file_ext); // trim leading and trailing whitespace
        if (!in_array($file_ext, $deny_ext)) {
            if (move_uploaded_file($_FILES['upload_file']['tmp_name'], $UPLOAD_ADDR . '/' . $_FILES['upload_file']['name'])) {
                $img_path = $UPLOAD_ADDR . '/' . $file_name;
                $is_upload = true;
            }
        } else {
            $msg = '此文件不允许上传';
        }
    } else {
        $msg = $UPLOAD_ADDR . '文件夹不存在,请手工创建!';
    }
}
// Upload handler that omits the ::$DATA stripping step.
// The extension is lower-cased and trimmed, but a "::$DATA" suffix is left in
// place, so an extension carrying that suffix does not equal any deny-list
// entry.
// NOTE(review): "::$DATA" is the NTFS notation for a file's default data
// stream, so this matters on Windows hosts - confirm for the deployment
// target.
// The file is stored under the raw client-supplied name.
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists($UPLOAD_ADDR)) {
        $deny_ext = array(
            ".php", ".php5", ".php4", ".php3", ".php2", ".html", ".htm", ".phtml",
            ".pHp", ".pHp5", ".pHp4", ".pHp3", ".pHp2", ".Html", ".Htm", ".pHtml",
            ".jsp", ".jspa", ".jspx", ".jsw", ".jsv", ".jspf", ".jtml",
            ".jSp", ".jSpx", ".jSpa", ".jSw", ".jSv", ".jSpf", ".jHtml",
            ".asp", ".aspx", ".asa", ".asax", ".ascx", ".ashx", ".asmx", ".cer",
            ".aSp", ".aSpx", ".aSa", ".aSax", ".aScx", ".aShx", ".aSmx", ".cEr",
            ".sWf", ".swf", ".htaccess");
        $file_name = trim($_FILES['upload_file']['name']);
        $file_name = deldot($file_name); // remove the dot at the end of the file name (deldot is defined elsewhere)
        $file_ext = strrchr($file_name, '.');
        $file_ext = strtolower($file_ext); // convert to lower case
        $file_ext = trim($file_ext); // trim leading and trailing whitespace
        if (!in_array($file_ext, $deny_ext)) {
            if (move_uploaded_file($_FILES['upload_file']['tmp_name'], $UPLOAD_ADDR . '/' . $_FILES['upload_file']['name'])) {
                $img_path = $UPLOAD_ADDR . '/' . $file_name;
                $is_upload = true;
            }
        } else {
            $msg = '此文件不允许上传';
        }
    } else {
        $msg = $UPLOAD_ADDR . '文件夹不存在,请手工创建!';
    }
}
// Upload handler that applies every normalisation step (trim, deldot,
// lower-case, ::$DATA removal, trim), each exactly once and in a fixed order.
// Two weaknesses remain visible in the code:
//  - a single pass is not a fixed point: a name can still differ from its
//    canonical form after one round of clean-up;
//  - the cleaned value is used only for the check, while move_uploaded_file()
//    writes the file under the raw client-supplied name.
// Safer pattern: store the file under a server-generated name with an
// allow-listed extension, so the checked value and the stored value cannot
// diverge.
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists($UPLOAD_ADDR)) {
        $deny_ext = array(
            ".php", ".php5", ".php4", ".php3", ".php2", ".html", ".htm", ".phtml",
            ".pHp", ".pHp5", ".pHp4", ".pHp3", ".pHp2", ".Html", ".Htm", ".pHtml",
            ".jsp", ".jspa", ".jspx", ".jsw", ".jsv", ".jspf", ".jtml",
            ".jSp", ".jSpx", ".jSpa", ".jSw", ".jSv", ".jSpf", ".jHtml",
            ".asp", ".aspx", ".asa", ".asax", ".ascx", ".ashx", ".asmx", ".cer",
            ".aSp", ".aSpx", ".aSa", ".aSax", ".aScx", ".aShx", ".aSmx", ".cEr",
            ".sWf", ".swf", ".htaccess");
        $file_name = trim($_FILES['upload_file']['name']);
        $file_name = deldot($file_name); // remove the dot at the end of the file name (deldot is defined elsewhere)
        $file_ext = strrchr($file_name, '.');
        $file_ext = strtolower($file_ext); // convert to lower case
        $file_ext = str_ireplace('::$DATA', '', $file_ext); // remove the string ::$DATA
        $file_ext = trim($file_ext); // trim leading and trailing whitespace
        if (!in_array($file_ext, $deny_ext)) {
            if (move_uploaded_file($_FILES['upload_file']['tmp_name'], $UPLOAD_ADDR . '/' . $_FILES['upload_file']['name'])) {
                $img_path = $UPLOAD_ADDR . '/' . $file_name;
                $is_upload = true;
            }
        } else {
            $msg = '此文件不允许上传';
        }
    } else {
        $msg = $UPLOAD_ADDR . '文件夹不存在,请手工创建!';
    }
}
// Upload handler that rewrites the file name instead of rejecting it: every
// deny-listed substring is deleted from the name and the upload is then
// always accepted.
// str_ireplace() does not re-scan the text it produces, so the result of the
// deletion is never checked again and can itself contain a listed substring.
// Deleting "bad" substrings is not validation. Safer pattern: reject a name
// that fails the check, or ignore the client name and generate one on the
// server with an allow-listed extension.
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists($UPLOAD_ADDR)) {
        $deny_ext = array(
            "php", "php5", "php4", "php3", "php2", "html", "htm", "phtml",
            "jsp", "jspa", "jspx", "jsw", "jsv", "jspf", "jtml",
            "asp", "aspx", "asa", "asax", "ascx", "ashx", "asmx", "cer",
            "swf", "htaccess");
        $file_name = trim($_FILES['upload_file']['name']);
        $file_name = str_ireplace($deny_ext,"", $file_name);
        if (move_uploaded_file($_FILES['upload_file']['tmp_name'], $UPLOAD_ADDR . '/' . $file_name)) {
            $img_path = $UPLOAD_ADDR . '/' .$file_name;
            $is_upload = true;
        }
    } else {
        $msg = $UPLOAD_ADDR . '文件夹不存在,请手工创建!';
    }
}
// Upload handler with an extension allow-list (jpg, png, gif) and a generated
// file name, but with the destination directory taken from the query string.
// $_GET['save_path'] is concatenated into the destination path unvalidated,
// so the client controls the front part of the path handed to
// move_uploaded_file(); the allow-listed extension is only appended after it.
// NOTE(review): PHP releases before 5.3.4 did not reject NUL bytes in file
// paths, which is where a client-controlled path prefix is most damaging -
// confirm the runtime version.
// Safer pattern: never accept the storage directory from the request; use a
// fixed server-side directory.
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])){
    $ext_arr = array('jpg','png','gif');
    // extension = text after the last "." of the client-supplied name (case-sensitive match below)
    $file_ext = substr($_FILES['upload_file']['name'],strrpos($_FILES['upload_file']['name'],".")+1);
    if (in_array($file_ext,$ext_arr)){
        $temp_file = $_FILES['upload_file']['tmp_name'];
        // stored name: two random digits + timestamp + checked extension
        $img_path = $_GET['save_path']."/".rand(10,99).date("YmdHis").".".$file_ext;
        if (move_uploaded_file($temp_file,$img_path)){
            $is_upload = true;
        } else {
            $msg = '上传失败!';
        }
    } else {
        $msg = "只允许上传.jpg|.png|.gif类型文件!";
    }
}
// Upload handler with an extension allow-list (jpg, png, gif) and a generated
// file name, but with the destination directory taken from the POST body.
// $_POST['save_path'] is concatenated into the destination path unvalidated;
// moving the parameter from the query string to the body does not change who
// controls it - it is still client input.
// NOTE(review): PHP releases before 5.3.4 did not reject NUL bytes in file
// paths, which is where a client-controlled path prefix is most damaging -
// confirm the runtime version.
// Safer pattern: never accept the storage directory from the request; use a
// fixed server-side directory.
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])){
    $ext_arr = array('jpg','png','gif');
    // extension = text after the last "." of the client-supplied name (case-sensitive match below)
    $file_ext = substr($_FILES['upload_file']['name'],strrpos($_FILES['upload_file']['name'],".")+1);
    if (in_array($file_ext,$ext_arr)){
        $temp_file = $_FILES['upload_file']['tmp_name'];
        // stored name: two random digits + timestamp + checked extension
        $img_path = $_POST['save_path']."/".rand(10,99).date("YmdHis").".".$file_ext;
        if (move_uploaded_file($temp_file,$img_path)){
            $is_upload = true;
        } else {
            $msg = "上传失败";
        }
    } else {
        $msg = "只允许上传.jpg|.png|.gif类型文件!";
    }
}
/**
 * Guess a file's image type from its first two bytes.
 *
 * The two bytes are unpacked as unsigned chars and their decimal values are
 * concatenated into one integer: 255,216 (FF D8) maps to 'jpg', 137,80
 * (89 50) to 'png' and 71,73 (47 49) to 'gif'.
 *
 * Only the two-byte signature is inspected. Nothing after it is read, so the
 * result says how the file starts, not that the file is a valid image.
 *
 * @param string $filename Path of the file to inspect.
 * @return string 'jpg', 'png', 'gif' or 'unknown'.
 */
function getReailFileType($filename){
    // NOTE(review): the fopen() result is not checked before it is used.
    $file = fopen($filename, "rb");
    $bin = fread($file, 2); // read only 2 bytes
    fclose($file);
    // '@' suppresses the warning unpack() raises on short input
    $strInfo = @unpack("C2chars", $bin);
    $typeCode = intval($strInfo['chars1'].$strInfo['chars2']);
    $fileType = '';
    switch($typeCode){
        case 255216:
            $fileType = 'jpg';
            break;
        case 13780:
            $fileType = 'png';
            break;
        case 7173:
            $fileType = 'gif';
            break;
        default:
            $fileType = 'unknown';
    }
    return $fileType;
}
// Upload handler that accepts a file when getReailFileType() recognises its
// leading bytes, then stores it under a generated name whose extension comes
// from the detected type rather than from the client.
// The stored name and extension are server-chosen, which is sound, but the
// content behind the signature is never examined, so the stored file can hold
// arbitrary data after a valid header. That becomes exploitable only if
// something else on the server later interprets the file as code (for example
// a file-inclusion flaw). Re-encoding the image server-side removes such
// trailing data.
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])){
    $temp_file = $_FILES['upload_file']['tmp_name'];
    $file_type = getReailFileType($temp_file);
    if ($file_type == 'unknown'){
        $msg = "文件未知,上传失败!";
    } else {
        // stored name: two random digits + timestamp + detected type as extension
        $img_path = $UPLOAD_ADDR."/".rand(10,99).date("YmdHis").".".$file_type;
        if (move_uploaded_file($temp_file,$img_path)){
            $is_upload = true;
        } else {
            $msg = "上传失败";
        }
    }
}
/**
 * Check whether a file looks like a JPEG, PNG or GIF according to
 * getimagesize(), and return the matching extension.
 *
 * getimagesize() works from the image header, so a positive result does not
 * mean the rest of the file is image data.
 *
 * @param string $filename Path of the file to inspect.
 * @return string|false Extension with leading dot, or false when the file
 *                      does not exist or the type is not accepted.
 */
function isImage($filename){
    $types = '.jpeg|.png|.gif';
    if (file_exists($filename)){
        // NOTE(review): getimagesize() returns false for files it cannot
        // parse; $info[2] is read below without checking for that.
        $info = getimagesize($filename);
        $ext = image_type_to_extension($info[2]);
        // NOTE(review): stripos() returns 0 when $ext is '.jpeg', because it
        // matches at the start of $types; 0 is falsy, so JPEG files take the
        // "return false" branch. A strict "!== false" comparison avoids this.
        if (stripos($types,$ext)){
            return $ext;
        } else {
            return false;
        }
    } else {
        return false;
    }
}
// Upload handler that accepts a file when isImage() returns an extension,
// then stores it under a generated name using that extension.
// The name and extension are server-chosen, which is sound, but acceptance
// rests on the image header only: the stored file can hold arbitrary data
// after a valid header. That becomes exploitable only if something else on
// the server later interprets the file as code (for example a file-inclusion
// flaw). Re-encoding the image server-side removes such trailing data.
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])){
    $temp_file = $_FILES['upload_file']['tmp_name'];
    $res = isImage($temp_file);
    if (!$res){
        $msg = "文件未知,上传失败!";
    } else {
        // stored name: two random digits + timestamp + extension returned by isImage()
        $img_path = $UPLOAD_ADDR."/".rand(10,99).date("YmdHis").$res;
        if (move_uploaded_file($temp_file,$img_path)){
            $is_upload = true;
        } else {
            $msg = "上传失败";
        }
    }
}