File upload bypass
First, the ways an uploaded file is validated
-
Client-side validation: JavaScript checks
-
Server-side validation:
1.) Content-Type header check
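<?php
// Checks only the Content-Type sent by the client:
// $_FILES[...]['type'] is taken from the request and is not verified by PHP.
if ($_FILES['userfile']['type'] != "image/gif") { // check Content-Type
    echo "Sorry, we only allow uploading GIF images";
    exit;
}
$uploaddir = 'uploads/';
// The stored name keeps the client-supplied file name, extension included.
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "File uploading failed.\n";
}
?>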
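2.) File content header check
3.) Extension blacklist check
4.) Extension whitelist check
5.) .htaccess file attack (doccmss)
6.) Image size and related information check
7.) File load check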
-
Look for extensions the blacklist missed
-
Specially crafted file names
-
0x00 truncation bypass (edit the hex bytes)
-
Image size information bypass
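
A hardened counterpart to the Content-Type snippet above, added here as an example and not code from the original page: it combines the whitelist, content-header and image-information checks from the list and closes the bypasses noted after it. The names validate_upload() and ALLOWED are hypothetical; the userfile field and the uploads/ directory are taken from the page's snippet.

```php
<?php
// Added example. validate_upload() and ALLOWED are hypothetical names.
const ALLOWED = [            // whitelisted extension => expected MIME type
    'gif'  => 'image/gif',
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
];
function validate_upload(array $file, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    // A NUL byte in the name is never legitimate (0x00 truncation).
    if (strpos($file['name'], "\0") !== false) {
        throw new RuntimeException('Invalid file name');
    }
    // Whitelist on the final extension instead of a blacklist.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('Extension not allowed');
    }
    // Type detected from the file's bytes, not from $_FILES[...]['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('Content does not match extension');
    }
    // The file must also parse as an image of that same type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('Not a valid image');
    }
    // Server-generated name: only the whitelisted extension survives from the client name.
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    return $dest;
}

if (isset($_FILES['userfile'])) {
    try {
        echo 'Stored as ', basename(validate_upload($_FILES['userfile'], 'uploads/')), "\n";
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo $e->getMessage(), "\n";
    }
}
```

A file that passes the content and getimagesize() checks can still carry script text in its metadata, so the whitelisted extension and the server-chosen name are what keep it from being interpreted. This holds only if the upload directory is configured not to execute scripts or honour uploaded .htaccess files.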