
A brief analysis of an upload function: bypassing the upload check

Source: 自学PHP网    Time: 2015-04-16 23:15


Function fnUploadImg(ByVal upFile As HttpPostedFile, ByVal uploadPath As String) As String
    Dim result As String = ""
    Dim intImgSize As Int32
    intImgSize = upFile.ContentLength
    If intImgSize <> 0 Then
        ' Reject uploads larger than 500000 bytes
        If intImgSize > 500000 Then
            result = "图片太大" ' "image too large"
            Return result
        End If
        ' ContentType is the Content-Type value sent by the client with the file
        Dim strImgType As String = upFile.ContentType
        ' Only accept .jpg images
        Dim filesplit() As String = Split(strImgType, "/")
        strImgType = filesplit(filesplit.Length - 1)
        If strImgType = "jpg" Or strImgType = "jpeg" Then
        Else
            result = "图片格式错误" ' "wrong image format"
            Return result
        End If
        ' The client's file name, extension included, is kept as the stored name
        filesplit = Split(upFile.FileName, "\")
        Dim filename As String = filesplit(filesplit.Length - 1)
        upFile.SaveAs(Server.MapPath("upload\location\" & uploadPath) & "\" & filename)
        Dim imgpath As String = "upload/location/" & uploadPath & "/" & filename
        result = imgpath
    End If
    Return result
End Function




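Bypass method: upload any file, capture the request, and change its Content-Type to image/jpeg. The function's only format check is on this client-supplied value; it never looks at the file name's extension or the file's content.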
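
A hardened counterpart to the function above, as an added example that is not code from the original page. The names SafeImageUpload, LooksLikeJpeg and SaveJpegUpload are hypothetical, and the upload directory is assumed to be the same upload\location folder the original uses.

```vb
Imports System
Imports System.IO
Imports System.Web

Public Module SafeImageUpload
    Private Const MaxBytes As Integer = 500000   ' same size limit as the original function

    ' True only when the stream starts with the JPEG start-of-image bytes FF D8 FF.
    Public Function LooksLikeJpeg(ByVal data As Stream) As Boolean
        Dim header(2) As Byte
        data.Position = 0
        Dim count As Integer = data.Read(header, 0, header.Length)
        data.Position = 0
        Return count = 3 AndAlso header(0) = &HFF AndAlso header(1) = &HD8 AndAlso header(2) = &HFF
    End Function

    ' Returns the stored relative path, or "" when the upload is rejected.
    Public Function SaveJpegUpload(ByVal upFile As HttpPostedFile, ByVal uploadPath As String) As String
        If upFile Is Nothing OrElse uploadPath Is Nothing Then Return ""
        If upFile.ContentLength = 0 OrElse upFile.ContentLength > MaxBytes Then Return ""

        ' upFile.ContentType is deliberately not consulted: the client sets it.
        Dim ext As String = Path.GetExtension(Path.GetFileName(upFile.FileName)).ToLowerInvariant()
        If ext <> ".jpg" AndAlso ext <> ".jpeg" Then Return ""
        If Not LooksLikeJpeg(upFile.InputStream) Then Return ""

        ' Resolve the target directory and require it to stay under the upload root.
        Dim root As String = Path.GetFullPath(HttpContext.Current.Server.MapPath("upload\location")) & Path.DirectorySeparatorChar
        Dim targetDir As String = Path.GetFullPath(Path.Combine(root, uploadPath)) & Path.DirectorySeparatorChar
        If Not targetDir.StartsWith(root, StringComparison.OrdinalIgnoreCase) Then Return ""

        ' Server-generated name with a fixed .jpg extension: the client chooses
        ' neither the stored name nor the extension the web server will see.
        Dim storedName As String = Guid.NewGuid().ToString("N") & ".jpg"
        upFile.SaveAs(Path.Combine(targetDir, storedName))
        Return "upload/location/" & uploadPath & "/" & storedName
    End Function
End Module
```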
