Home  >  Article  >  Backend Development  >  A brief discussion of vulnerabilities on the web, principle analysis, and prevention methods (file name detection vulnerabilities)_PHP tutorial

A brief discussion of vulnerabilities on the web, principle analysis, and prevention methods (file name detection vulnerabilities)_PHP tutorial

WBOY
WBOYOriginal
2016-07-21 15:02:37903browse

Through the previous article: , we already know that the backend obtains server variables, many of which are passed in from the client. It is no different from ordinary get and post. Let’s take a look at the common vulnerable codes.
1. Detect the file type and save it with the user’s file name

Copy the code The code is as follows:

if(isset($_FILES['img']))
{
$file = save_file($_FILES['img']);
if($file===false ) exit('Upload failed!');

echo "Upload successful!",$file;
}
function check_file($img)
{
// /Read file
if($img['error']>0) return false;

$tmpfile = $img['tmp_name'];
$filename = $img[' name'];


///Read file extension
$len=strrpos($filename,".");
if($len===false) return false;

//Get the extension
$ext = strtolower(substr($filename,$len+1));
if(!in_array($ext,array('jpg', 'jpeg','png'))) return false;
return true;
}
function save_file($img)
{
if(!check_file($img)) return false ;

//Format detection ok, prepare to move data
$filename = $img['name'];
$newfile = "upload/" .$filename;
if(! move_uploaded_file($img["tmp_name"],$newfile)) return false;

return $newfile;
}
?>

The above code is correct The input type was also judged and there was no problem. But the problem does appear precisely in the detection of the obtained user name variable. Get the incoming username directly and save it as a file. Some friends will say: These file names all exist in my computer, and the file name format is limited by the operating system's definition of file names. However, it should be noted that the variables obtained in $_FILES are directly from the http request request. It is the same as getting other get and post variables. Therefore, people with ulterior motives often simulate the browser themselves and send a special file name to the server. Then, when you save the file, you can save it in your own format normally.

A few years ago,”



http://www.bkjia.com/PHPjc/327914.html

www.bkjia.com
true
http: //www.bkjia.com/PHPjc/327914.html

TechArticleWe passed the previous article: A brief discussion of vulnerabilities on the web, principle analysis, and prevention methods (safe file storage methods) , we already know that the backend obtains server variables, many of which are passed in from the client. Follow...