Detailed double file upload - Code World

Detailed double file upload

Others 2019-09-22 20:28:55 views: null

One. Dual use file upload

Double meaning by uploading files to upload two or more files to breakthrough

Use:

File upload vulnerability in the presence of a double page, view the upload page.

Method: (1) f12 find post the form to upload, action attribute is specified detection upload page, usually written by the absolute path, such as: xxx.asp / xxx.php.

(2) completion url: https://www.xxx.com/xxx.php(asp)

(3) construction of local post submission form

1 <form action="https://www.xxx.com/xxx.asp(php)" method="post"
2 name="form1" enctype="multipart/form‐data">
3 <input name="FileName1" type="FILE" class="tx1" size="40">
4 <input name="FileName2" type="FILE" class="tx1" size="40">
5 <input type="submit" name="Submit" value= "Upload" > 
. 6  </ form >

Just change the action when using the value of the specified upload page.

(4) The upload file is qualified (.jpg; .png; .gif, etc.); second word is uploaded or Trojan webshell

So that you can break through the upload limit, Trojan successfully uploaded to the server.

principle:

Uploading Point supports multiple file uploads, but only for the first file but do filter

Therefore, only the first upload a file extension for testing, for the second file is not detected directly uploaded to the server.

Look for a file upload vulnerability exists Dual Code

1 for i=0 to ubound(arrUpFileType)
2 if fileEXT=trim(arrUpFileType(i)) then
3 EnableUpload=true
4 exit for
5 end if
6 next

Beginning EnableUpload = false, but after entering the for loop above, it is judged that the file type is legitimate. If legitimate, EnableUpload value is True, so when the first file is a legitimate file, the file is not detected in the future.

Double file upload vulnerability is a relatively old vulnerability, its repair is very simple, it is only support a file upload.

Today we see this loophole, though aware of the use of methods, but the use of the principle still do not understand, so I picked a closer look at this loophole.

In fact, many using the method: You can also capture during the upload, a copy of the response packet, and then change the filename any name, such as: filename1 would also be a breakthrough upload limit.

Guess you like

Origin www.cnblogs.com/Da4er/p/11559922.html

Detailed double file upload

File upload and download (super detailed)

Ultra detailed file upload and download (Spring Boot)

[Network Security] Detailed Explanation of File Upload Vulnerabilities

Of unsafe file download and upload - upload loopholes - upload rename compete with Apache parsing vulnerability to bypass - and - write file upload double bypass

Detailed explanation of layui's upload implementation file upload

SpringMVC file upload & file download & multiple file upload---detailed introduction

Detailed and large file upload HTML5 code examples

Detailed explanation of struts2 file upload and download

Detailed Explanation of Element-ui File Upload of VUE

[MyBatisPlus implements super detailed file upload and download....]

Detailed tutorial on using UEditor in SpringBoot (for file upload problems)

Detailed explanation of Django's file upload and processing in Python web combat

Detailed explanation of bootstrap-fileinput file upload and echo usage

[Upload-labs] File upload vulnerability principle and operation detailed explanation 1~3

File upload vulnerability-upload range 3-4 (the most detailed interpretation on the entire network)

SpringMVC file upload and download (a super detailed blog that teaches you how to use SpringMVC knowledge to upload and download files)

File Upload

ElementUI - Upload file upload

File upload vulnerability (File Upload)

File upload excel file

File upload and file download

Picture upload ajax asynchronous submission and synchronous submission and preview the picture upload to the Web site directory file detailed explanation FormData () object

[Picture upload record 3] Detailed explanation and packaging of element-ui components (custom upload, limit file size, format and picture size)

[Springboot file upload] The solution and elegant realization of double opening of front and back ends, second transfer of large files and resuming of interrupted points

springmvc asynchronous upload and file upload

[Web Security] File Upload Vulnerability and Bypass Basic Detailed Explanation + Practical Operation

Ajax file upload, vue axios file upload

ajax single-file upload and file upload

php single file upload and multiple file upload

Recommended

Ranking

error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘

Database migration between Navicat servers

Minimum number of rotation of the array: Array

balenaEtcher for mac (make a boot disk software) v1.5.67

Custom processing serialization and deserialization in jackson

Mu-en-mask system development software

Mastering Regular Expressions

Find mileage Java--

Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions

[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite

Daily

More

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)