1. Client-side check bypass (JavaScript check)

- Developer tools: edit the JavaScript validation code directly
- Capture the request with Burp and change the file extension

2. Server-side validation bypass (MIME type check)

upload.php

<html>
<body>

<form action="test.php" method="post" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" /> 
<br />
<input type="submit" name="submit" value="Submit" />
</form>

</body>
</html>
check_upload

<?php
// The check relies on $_FILES['file']['type'], which is just the Content-Type
// of the multipart part as sent by the client, so it is attacker-controlled.
if ($_FILES['file']['type'] != "image/gif" && $_FILES['file']['type'] != "image/jpeg") {
    echo "Sorry, we only allow uploading GIF images";
    exit;
}
$uploaddir  = 'uploads/';
// The form field is named "file", so the same key is used here.
$uploadfile = $uploaddir . basename($_FILES['file']['name']);
if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "File uploading failed.\n";
}
?>

- Capture the request with Burp and modify the Content-Type parameter

3. Server-side check bypass (directory path check)

%00 truncation

4. Server-side check bypass (file extension check)

  (1) Blacklist / whitelist

  (2) Case variation bypass

  (3) Special filenames, e.g. asp_, .asp.

  (4) 0x00 truncation

  (5) Double extensions and parsing vulnerabilities

  (6) .htaccess attack

    The .htaccess contents are:

<FilesMatch "haha">
SetHandler application/x-httpd-php
</FilesMatch>

  With this, a file named "haha" is executed as PHP


5. Server-side check bypass (file content check)

Single render

For example, when only JPG files may be uploaded: ??JFIF<?php phpinfo();?>, then change the extension to php

Second render (re-encoding): a beginner basically has no way past this
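As an added defensive counterpart (example code, not from these notes), here is a hardened version of check_upload that closes the gaps listed in sections 2, 4 and 5: it ignores the client-supplied Content-Type and sniffs the real type, never reuses the client filename or extension, and re-renders the image (the "second render" just described). It assumes PHP 8.1+ with the fileinfo and GD extensions, a form field named "file", and an uploads/ directory where script execution is disabled in the web server configuration.

```php
<?php
// Added hardened upload handler (example, not the original notes' code).
// Assumes PHP 8.1+, ext-fileinfo, ext-gd, and that uploads/ is served
// with script execution disabled (e.g. php_flag engine off for Apache).
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/uploads/';
const MAX_BYTES  = 2 * 1024 * 1024;
// Real (sniffed) MIME types mapped to the only extension we will ever write.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function fail(string $msg): never { http_response_code(400); echo $msg; exit; }

if (!isset($_FILES['file']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK) {
    fail("Upload failed");
}
$tmp = $_FILES['file']['tmp_name'];
if (!is_uploaded_file($tmp) || filesize($tmp) > MAX_BYTES) {
    fail("Invalid upload");
}

// 1. Ignore $_FILES['file']['type'] (the client's Content-Type header) and
//    detect the type from the file bytes instead.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
if (!isset(ALLOWED[$mime])) {
    fail("Only JPEG, PNG or GIF images are accepted");
}

// 2. The client filename is never used, so case tricks, double extensions,
//    %00 truncation and ".htaccess" as a name have nothing to act on: the
//    stored name is random and the extension comes from the detected type.
$ext  = ALLOWED[$mime];
$dest = UPLOAD_DIR . bin2hex(random_bytes(16)) . '.' . $ext;

// 3. Re-render through GD so bytes appended after a valid image header
//    (such as a PHP tag after the JFIF marker) are not written to disk.
$img = imagecreatefromstring(file_get_contents($tmp));
if ($img === false) {
    fail("File is not a decodable image");
}
$ok = match ($ext) {
    'jpg' => imagejpeg($img, $dest, 85),
    'png' => imagepng($img, $dest),
    'gif' => imagegif($img, $dest),
};
imagedestroy($img);
if (!$ok) fail("Could not store image");
echo "File is valid, and was successfully uploaded.\n";
```

Re-encoding with GD drops GIF animation and any metadata, which is the intended trade-off for not persisting attacker-controlled bytes.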

6. Various parsing vulnerabilities