upload-labs pass-02
Pass-02
先看一下源码(文件类型-MIME):
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {
if (file_exists(UPLOAD_PATH)) {
if (($_FILES['upload_file']['type'] == 'image/jpeg') || ($_FILES['upload_file']['type'] == 'image/png') || ($_FILES['upload_file']['type'] == 'image/gif')) {
$temp_file = $_FILES['upload_file']['tmp_name'];
$img_path = UPLOAD_PATH . '/' . $_FILES['upload_file']['name']
if (move_uploaded_file($temp_file, $img_path)) {
$is_upload = true;
} else {
$msg = '上传出错!';
}
} else {
$msg = '文件类型不正确,请重新上传!';
}
} else {
$msg = UPLOAD_PATH.'文件夹不存在,请手工创建!';
}
}
1.上传402.php。
<?php
phpinfo();
?>
提示,文件类型不正确,如下图所示:
2、打开代理,拦截上传shell.php的请求包,修改文件类型为:image/jpeg或者image/png或者image/gif。
3.点击放通forward,即可上传成功,成功后,右击图片,查看我们的上传点,上传点为:127.0.0.1/upload/upload/402.php