Pikachu - Unsafe Fileupload (unsafe file upload)

0x00 Overview of the unsafe file upload vulnerability

File upload functions are common in web applications: many sites ask users to upload a profile picture at registration, attach files, and so on.
When the user clicks the upload button, the backend checks whether the file is of the expected type, extension, size, etc., then renames it and stores it in a directory according to the format laid out in the design.

For example, an image upload would accept jpg or png, and a document upload would accept docx.
If the backend does not check uploaded files at all, or the checks are not strict enough, an attacker can upload a malicious file such as a one-sentence Trojan (a minimal webshell), and the backend server then hosts a webshell.
So, when designing a file upload function, strictly validate the file being passed in. For example:
- verify the file type, extension and size;
- verify the uploaded file itself, not just its name;
- rename the file to something sufficiently complex (unpredictable);
- do not expose the file's path after upload;
- and so on.
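The checks listed above, combined into one server-side validation routine, as an added example that is not part of the original article or of the Pikachu project. It assumes a generic upload handler that receives the client-supplied filename and the raw bytes; the whitelist, the size limit and the sample files are constructed for the illustration.

```python
import os
import secrets
import tempfile

# Whitelist of allowed extensions, each mapped to the magic bytes the content must begin with.
# Constructed for this example; extend it to the types the application actually needs.
ALLOWED_TYPES = {
    "jpg": [b"\xff\xd8\xff"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "gif": [b"GIF87a", b"GIF89a"],
}
MAX_SIZE = 2 * 1024 * 1024  # 2 MiB, an assumed limit

# Constructed sample uploads: a minimal "PNG" and "JPEG" header plus padding, and a
# text file that is not an image at all (represents an uploaded script).
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
SAMPLE_JPG = b"\xff\xd8\xff\xe0" + b"\x00" * 32
SAMPLE_TEXT = b"this is not an image\n"


class UploadRejected(ValueError):
    """Raised when the upload fails any of the server-side checks."""


def validate_upload(filename, data):
    """Check extension, size and content; return the normalised extension on success."""
    # Use only the final path component so "../" and absolute paths in the client
    # filename cannot steer the file outside the upload directory.
    base = os.path.basename(filename.replace("\\", "/"))
    if "." not in base:
        raise UploadRejected("missing extension")
    # Only the last extension counts; everything before it is ignored, so a
    # double extension cannot smuggle in a type outside the whitelist.
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension {ext!r} not allowed")
    if len(data) == 0 or len(data) > MAX_SIZE:
        raise UploadRejected("file is empty or too large")
    # Content check: the bytes must look like the type the extension claims.
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match extension")
    return ext


def store_upload(filename, data, upload_dir=None):
    """Validate, rename to a random name and store; return the opaque name, never the path."""
    ext = validate_upload(filename, data)
    if upload_dir is None:
        upload_dir = tempfile.mkdtemp(prefix="uploads-")
    # Random, unguessable name so the attacker cannot predict or control what was written.
    new_name = secrets.token_hex(16) + "." + ext
    path = os.path.join(upload_dir, new_name)
    with open(path, "xb") as fh:  # "x" refuses to overwrite an existing file
        fh.write(data)
    # The caller maps this id to the file; the on-disk path is never returned to the client.
    return new_name


def try_validate(filename, data):
    """Helper returning True/False instead of raising, for quick checks."""
    try:
        validate_upload(filename, data)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    print("photo.png   ->", try_validate("photo.png", SAMPLE_PNG))
    print("shell.php   ->", try_validate("shell.php", SAMPLE_TEXT))
    print("x.php.jpg   ->", try_validate("x.php.jpg", SAMPLE_TEXT))
    print("stored as   ->", store_upload("../../photo.jpg", SAMPLE_JPG))
```

The magic-byte check only confirms that the file starts like an image; it does not stop a polyglot that is both a valid image and a script. What actually removes the webshell risk is the combination of the random rename, serving the upload directory as static content with script execution disabled, and never returning the storage path to the client.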


0x01 Client-side check


Origin www.cnblogs.com/xingyuner/p/12310214.html