Common whitelist
Extension | MIME type |
---|---|
jpg | image/jpeg |
png | image/png |
txt | text/plain |
zip | application/zip |
doc | application/msword |
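
A whitelist like the one above only protects the application if the type is determined on the server, because the `type` field in `$_FILES` is supplied by the client. The following is an added example, not code from the original page: it enforces the table by requiring a whitelisted extension and a content-detected MIME type that matches it. `ALLOWED_TYPES`, `validate_upload()` and `stored_name()` are hypothetical names, the sample files are constructed, and the PHP `fileinfo` extension is assumed to be enabled.

```php
<?php
// Added example: server-side enforcement of the extension/MIME whitelist.
// ALLOWED_TYPES, validate_upload() and stored_name() are hypothetical names.
const ALLOWED_TYPES = [
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'txt' => 'text/plain',
    'zip' => 'application/zip',
    'doc' => 'application/msword',
];

// Returns the whitelisted extension when the file passes, otherwise null.
function validate_upload(string $path, string $clientName): ?string
{
    // 1. The extension of the client-supplied name must be in the whitelist.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        return null;
    }
    // 2. The MIME type is detected from the file content on the server;
    //    the client-supplied type field is never consulted.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($path);
    // 3. Detected type and extension must be the same row of the table.
    //    (libmagic may label some .doc files differently; adjust the map
    //    for your build if legitimate documents are rejected.)
    return $detected === ALLOWED_TYPES[$ext] ? $ext : null;
}

// The stored name is generated by the server, so nothing from the client
// except the already-validated extension reaches the file system.
function stored_name(string $ext): string
{
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs: a PNG signature and a plain text file.
$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, "\x89PNG\r\n\x1a\n\0\0\0\rIHDR");
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "plain text, not an image\n");

var_dump(validate_upload($png, 'photo.png')); // PNG content under a .png name
var_dump(validate_upload($txt, 'photo.png')); // text content under a .png name
var_dump(validate_upload($png, 'photo.php')); // extension outside the whitelist
unlink($png);
unlink($txt);
```

In a request handler, pass `$_FILES['upfile']['tmp_name']` and `$_FILES['upfile']['name']` to `validate_upload()`, then store the file with `move_uploaded_file()` under the name from `stored_name()`.
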
File upload vulnerability demo script: MIME validation example
<?php
// File upload vulnerability demo script: MIME validation
$uploaddir = 'uploads/';
if (isset($_POST['submit'])) {
if (file_exists($uploaddir)) {
if (($_FILES['upfile']['type'] == 'image/gif') || ($_FILES[