File upload:
low: No filtering is applied at all; the file can be uploaded directly.
medium: Source code:
$uploaded_type == "image/jpeg" || $uploaded_type == "image/png"
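This code shows that it filters on the Content-Type value of the upload,
allowing only these two types, but it does not filter the file extension.
Uploading a PHP file with a modified Content-Type value, or uploading an image webshell with its extension changed, is enough.
high: Source code: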
$target_path = DVWA_WEB_PAGE_TO_ROOT . "hackable/uploads/";
$target_path .= basename( $_FILES[ 'uploaded' ][ 'name' ] );
// File information
$uploaded_name = $_FILES[ 'uploaded' ][ 'name' ];
$uploaded_ext = substr( $uploaded_name, strrpos( $uploaded_name, '.' ) + 1);
$uploaded_size = $_FILES[ 'uploaded' ][ 'size' ];
$uploaded_tmp = $_FILES[ 'uploaded' ][ 'tmp_name' ];
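
The medium-level check above trusts the Content-Type sent by the client. As an added example (not DVWA's code; the function names and sample files are hypothetical and constructed here), this compares that check with a server-side one that allowlists the extension and verifies the file content itself:

```php
<?php
// Added example: client-supplied type check vs. server-side validation.
// Function names and sample uploads are hypothetical, constructed for this demo.
// Requires the fileinfo extension (enabled by default in PHP).

const ALLOWED = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png'];

// Medium-level logic: trusts the Content-Type header sent by the client.
function weak_check(array $f): bool {
    return $f['type'] == 'image/jpeg' || $f['type'] == 'image/png';
}

// Hardened: allowlisted extension, content sniffed on the server, both must agree.
// Returns a random storage name on success, null on rejection.
function strict_check(array $f): ?string {
    $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return null;                               // extension not allowlisted
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if ($mime !== ALLOWED[$ext] || getimagesize($f['tmp_name']) === false) {
        return null;                               // content does not match extension
    }
    return bin2hex(random_bytes(16)) . '.' . $ext; // never reuse the client's name
}

// Build a constructed upload shaped like a $_FILES entry.
function sample(string $name, string $type, string $bytes): array {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    return ['name' => $name, 'type' => $type, 'tmp_name' => $tmp];
}

// Constructed 1x1 PNG and a harmless constructed script body.
$png = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');
$script = "<?php echo 'constructed test file'; ?>";
$cases = [
    sample('notes.php', 'image/jpeg', $script),    // script with a spoofed Content-Type
    sample('photo.php', 'image/png', $png),        // image bytes, script extension
    sample('photo.png', 'image/png', $png),        // genuine PNG
];
foreach ($cases as $c) {
    printf("%-10s weak=%-6s strict=%s\n", $c['name'],
        weak_check($c) ? 'accept' : 'reject', strict_check($c) ?? 'reject');
    unlink($c['tmp_name']);
}
```

Storing uploads outside the web root, or in a directory where script execution is disabled, adds a second layer if a validation step is ever bypassed.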