PHP race condition vulnerability

Warning

Do not use the content of this article to break the law.
This article does not provide any guarantee.

1. Vulnerability introduction

A "race condition" occurs when multiple threads access the same shared resource (code, a variable, a file, etc.) at the same time without locking or synchronization.


2. Code used in the experiment

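<?php

// Client-supplied file name and its extension (text after the last dot)
$filename = $_FILES['file']['name'];
$chuhe = substr($filename,strrpos($filename,'.')+1);
$path = 'uploads/' . $filename;
$tmp = $_FILES['file']['tmp_name'];
// The file is moved into uploads/ BEFORE the extension is checked
if(move_uploaded_file($tmp,$path)){
	if(!preg_match('/php/i',$chuhe)){
		echo 'upload success,file in ' . $path;
	}else{
		// Rejected files are deleted only after they have already been saved
		unlink($path);
		die("can't upload php file!");
	}
}else{
	die('upload error!');
}
?>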

This is a very simple upload script. As the code shows, the uploaded file is first saved to the uploads directory, and only then is its extension checked for "php". If the extension contains "php", the uploaded file is deleted.

It seems like there is no problem, but there is actually a race condition vulnerability here.

although
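The flaw is the order of operations: the file sits in uploads/ from the moment move_uploaded_file() returns until unlink() runs. The following is an added example, not code from the original article, showing the same handler with the check moved in front of the save; ALLOWED_EXT, UPLOAD_DIR and store_upload() are hypothetical names, and the allow-list contents are an assumption.

```php
<?php
// Added example (not the article's code): validate first, publish second.
// ALLOWED_EXT, UPLOAD_DIR and store_upload() are hypothetical names.

const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf']; // assumed allow-list
const UPLOAD_DIR  = __DIR__ . '/uploads';

function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error!');
    }

    // Decide while the data is still PHP's private temp file, so a rejected
    // upload never exists under uploads/ and there is no window to race.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        throw new RuntimeException('file type not allowed');
    }

    // Server-generated name: the client controls neither the stored name
    // nor, beyond the allow-list, the stored extension.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;

    // The only write into uploads/ happens after every check has passed.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('upload error!');
    }
    return 'uploads/' . $name;
}

if (isset($_FILES['file'])) {
    try {
        echo 'upload success,file in ' . store_upload($_FILES['file']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        die($e->getMessage());
    }
}
```

Because nothing is written to uploads/ until validation succeeds, there is no unlink() step left to race against. Keeping uploads outside the web root, or in a directory where the server does not execute scripts, removes the remaining dependence on the extension check.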


Origin blog.csdn.net/xiaofengdada/article/details/124369716