1. Client-side check bypass (JavaScript detection)
- Open the browser developer tools and edit or disable the JavaScript check directly
- Or upload a file with an allowed extension, intercept the request in Burp, and change the extension back (e.g. .jpg to .php): the JavaScript check only ever runs in the browser, so the server never sees it
2. Server-side check bypass (MIME type detection)
upload.php:

    <html>
    <body>
    <form action="test.php" method="post" enctype="multipart/form-data">
      <label for="file">Filename:</label>
      <input type="file" name="file" id="file" />
      <br />
      <input type="submit" name="submit" value="Submit" />
    </form>
    </body>
    </html>

check_upload.php (the field is named "file" in the form, so every $_FILES lookup uses 'file'):

    <?php
    // $_FILES['file']['type'] is copied by PHP from the Content-Type header of the
    // multipart part sent by the client, so it is fully attacker-controlled.
    if ($_FILES['file']['type'] != "image/gif" && $_FILES['file']['type'] != "image/jpeg") {
        echo "Sorry, we only allow uploading GIF or JPEG images";
        exit;
    }
    $uploaddir = 'uploads/';
    // The original filename (and therefore the extension) is kept as-is.
    $uploadfile = $uploaddir . basename($_FILES['file']['name']);
    if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile)) {
        echo "File is valid, and was successfully uploaded.\n";
    } else {
        echo "File uploading failed.\n";
    }
    ?>
- Intercept the upload in Burp and change the Content-Type header of the file part to image/gif or image/jpeg; the filename (e.g. shell.php) and the PHP body are left untouched, and the check passes
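The following is an added example, not code from the original notes. It simulates both bypasses above end to end: it builds the multipart request Burp would show after editing the part's Content-Type (with a .php filename that the client-side JavaScript never saw), parses it the way PHP fills $_FILES, runs the page's weak type check against it, and then runs a hardened check that sniffs magic bytes, whitelists the extension, and assigns a server-chosen storage name. The function names (build_multipart, parse_first_file_part, weak_check, hardened_check, storage_name), the boundary string and the sample payloads are all constructed for this example.

```python
import os
import uuid

# Constructed sample contents (not captured from any real upload).
PHP_PAYLOAD = b"<?php system($_GET['cmd']); ?>"
GIF_SAMPLE = b"GIF89a" + b"\x01\x00\x01\x00" + b"\x00" * 8
JPEG_SAMPLE = b"\xff\xd8\xff\xe0" + b"\x00" * 12


def build_multipart(field_name, filename, content_type, data, boundary=None):
    """Return (Content-Type header value, body) for a multipart/form-data POST.
    content_type is the per-part Content-Type, i.e. the header an attacker edits in Burp."""
    boundary = boundary or "----FormBoundary" + uuid.uuid4().hex[:16]
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field_name}"; filename="{filename}"\r\n'
        f"Content-Type: {content_type}\r\n\r\n"
    ).encode()
    tail = f"\r\n--{boundary}--\r\n".encode()
    return f"multipart/form-data; boundary={boundary}", head + data + tail


def parse_first_file_part(content_type_header, body):
    """Minimal multipart parser mirroring what PHP puts into $_FILES:
    'name' and 'type' are copied straight from the client's headers."""
    boundary = content_type_header.split("boundary=", 1)[1].encode()
    for chunk in body.split(b"--" + boundary)[1:]:
        if chunk.startswith(b"--"):
            break  # closing delimiter reached
        headers_blob, _, data = chunk[2:].partition(b"\r\n\r\n")
        data = data[:-2]  # drop the CRLF that precedes the next delimiter
        headers = {}
        for line in headers_blob.decode("latin-1").split("\r\n"):
            key, _, value = line.partition(":")
            headers[key.strip().lower()] = value.strip()
        disposition = headers.get("content-disposition", "")
        if 'filename="' not in disposition:
            continue
        filename = disposition.split('filename="', 1)[1].split('"', 1)[0]
        return {"name": filename, "type": headers.get("content-type", ""), "data": data}
    return None


def weak_check(upload):
    """The check from check_upload.php: trusts the client-supplied MIME type."""
    return upload["type"] in ("image/gif", "image/jpeg")


# Magic bytes for the two formats the page allows.
MAGIC = {b"GIF87a": "gif", b"GIF89a": "gif", b"\xff\xd8\xff": "jpeg"}
ALLOWED_EXT = {"gif": "gif", "jpg": "jpeg", "jpeg": "jpeg"}


def sniff_kind(data):
    """Return 'gif', 'jpeg' or None based on the file's leading bytes, not its headers."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def hardened_check(upload):
    """Ignore Content-Type entirely: whitelist the extension and require that the
    sniffed content agrees with it. A shell.php with a spoofed type fails here."""
    ext = os.path.splitext(upload["name"])[1].lstrip(".").lower()
    if ext not in ALLOWED_EXT:
        return False
    kind = sniff_kind(upload["data"])
    return kind is not None and kind == ALLOWED_EXT[ext]


def storage_name(upload):
    """Server-chosen name: random basename plus the extension derived from the sniffed
    kind, so a polyglot like b'GIF89a<?php ...' can never be stored as .php."""
    kind = sniff_kind(upload["data"])
    if kind is None:
        raise ValueError("not an allowed image")
    return uuid.uuid4().hex + "." + kind


def run_bypass(filename, spoofed_type, data):
    """Simulate one Burp-edited upload; returns (weak check result, hardened check result)."""
    ct, body = build_multipart("file", filename, spoofed_type, data, boundary="BurpBoundary")
    upload = parse_first_file_part(ct, body)
    return weak_check(upload), hardened_check(upload)


if __name__ == "__main__":
    print("shell.php as image/gif:", run_bypass("shell.php", "image/gif", PHP_PAYLOAD))
    print("real GIF as pic.gif:", run_bypass("pic.gif", "image/gif", GIF_SAMPLE))
```

Note that the hardened check still accepts a polyglot whose bytes start with GIF89a and continue with PHP code; that is why storage_name() discards the client's name and extension altogether, and why the uploads/ directory should additionally be configured not to execute scripts.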
3. Server-side check bypass (directory path detection)