File Vulnerability Notes

Others 2022-04-22 02:42:41 views: 0

File upload vulnerability: An attacker uploads an executable file to the server through a normal website and executes it. The files uploaded here may be Trojans, viruses, malicious scripts or webshalls, etc. It is the most direct and effective way to attack.

File upload vulnerabilities are:

  Upload bypassing JS validation.

  The Type in the packet bypasses the upload.

  File extensions bypass uploads.

  Etc., etc. . . . . . . .

The cause of the file upload vulnerability: the main reason is that the front-end and server filtering is not strict, and the black and white list settings are not perfect. This leads to a file upload vulnerability.

Common file upload vulnerabilities:

  Front-end: JS judgment, use burpsuite to modify the filename in the data package, in special cases, JS can be disabled to bypass.

  Server side: Use PHP's case obfuscation, PHP.Php, etc. to bypass.

  Type: one of the servers, uploading PHP files, the type prompt is application/octet-stream and modify it to image/jpeg

 

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=324774215&siteId=291194637
Recommended
Ranking
error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘
Database migration between Navicat servers
Minimum number of rotation of the array: Array
balenaEtcher for mac (make a boot disk software) v1.5.67
Custom processing serialization and deserialization in jackson
Mu-en-mask system development software
Mastering Regular Expressions
Find mileage Java--
Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions
[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite
Daily
More
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)

Code World

© 2018 codetd.com