网站地图    收藏   

主页 > 入门引导 > 黑客攻防 >

web常见攻击六——文件上传漏洞 - 网站安全 - 自

来源:自学PHP网    时间:2015-04-15 15:00 作者: 阅读:

[导读] 我是在dvwa(Damn Vulnerable Web App)上学到的这些东西,我把dvwa安装在了我的免费空间上,有兴趣的可以看看。DVWA想要用户名和密码的可以联系我:sq371426@163 comdvwa 用的验证是google提供的,...

 我是在dvwa(Damn Vulnerable Web App)上学到的这些东西,我把dvwa安装在了我的免费空间上,有兴趣的可以看看。DVWA

想要用户名和密码的可以联系我:sq371426@163.com

dvwa 用的验证是google提供的,详情见google CAPCTHE

文件上传漏洞就是对用户上传的文件类型判断不完善,导致攻击者上传非法类型的文件,从而对网站进行攻击。

以上传图片为例进行介绍,下面来看初级的程序。

 <?php 
    if (isset($_POST['Upload'])) { 
 
            $target_path = DVWA_WEB_PAGE_TO_ROOT."hackable/uploads/"; 
            $target_path = $target_path . basename( $_FILES['uploaded']['name']); 
 
            if(!move_uploaded_file($_FILES['uploaded']['tmp_name'], $target_path)) { 
 
                echo '<pre>'; 
                echo 'Your image was not uploaded.'; 
                echo '</pre>'; 
 
              } else { 
 
                echo '<pre>'; 
                echo $target_path . ' succesfully uploaded!'; 
                echo '</pre>'; 
 
            } 
 
        } 
?> 

这段程序没有对图片类型及大小进行任何判断,就对文件进行上传,很容易产生文件攻击。

下面这段程序对文件大小及类型进行验证

 <?php 
    if (isset($_POST['Upload'])) { 
 
            $target_path = DVWA_WEB_PAGE_TO_ROOT."hackable/uploads/"; 
            $target_path = $target_path . basename($_FILES['uploaded']['name']); 
            $uploaded_name = $_FILES['uploaded']['name']; 
            $uploaded_type = $_FILES['uploaded']['type']; 
            $uploaded_size = $_FILES['uploaded']['size']; 
 
            if (($uploaded_type == "image/jpeg") && ($uploaded_size < 100000)){ 
 
 
                if(!move_uploaded_file($_FILES['uploaded']['tmp_name'], $target_path)) { 
 
                    echo '<pre>'; 
                    echo 'Your image was not uploaded.'; 
                    echo '</pre>'; 
 
                  } else { 
 
                    echo '<pre>'; 
                    echo $target_path . ' succesfully uploaded!'; 
                    echo '</pre>'; 
 
                    } 
            } 
            else{ 
                echo '<pre>Your image was not uploaded.</pre>'; 
            } 
        } 
?>

 

很多人都会用$uploaded_type == ”image/jpeg”对图片类型进行验证,可是这样依然是不安全的。

<?php 
if (isset($_POST['Upload'])) { 
 
            $target_path = DVWA_WEB_PAGE_TO_ROOT."hackable/uploads/"; 
            $target_path = $target_path . basename($_FILES['uploaded']['name']); 
            $uploaded_name = $_FILES['uploaded']['name']; 
            $uploaded_ext = substr($uploaded_name, strrpos($uploaded_name, '.') + 1); 
            $uploaded_size = $_FILES['uploaded']['size']; 
 
            if (($uploaded_ext == "jpg" || $uploaded_ext == "JPG" || $uploaded_ext == "jpeg" || $uploaded_ext == "JPEG") && ($uploaded_size < 100000)){ 
 
 
                if(!move_uploaded_file($_FILES['uploaded']['tmp_name'], $target_path)) { 
 
                    echo '<pre>'; 
                    echo 'Your image was not uploaded.'; 
                    echo '</pre>'; 
 
                  } else { 
 
                    echo '<pre>'; 
                    echo $target_path . ' succesfully uploaded!'; 
                    echo '</pre>'; 
 
                    } 
            } 
 
            else{ 
 
                echo '<pre>'; 
                echo 'Your image was not uploaded.'; 
                echo '</pre>'; 
            } 
        } 
 
?>

安全的图片验证类型可以这样写$uploaded_ext == ”jpg” || $uploaded_ext == ”JPG” || $uploaded_ext == ”jpeg” || $uploaded_ext == ”JPEG”),呵呵,也不难是吧,其实有些事情就这么简单,只是我们不知道而已。

 

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论