PHP file upload vulnerability and its fixes

PHP file upload vulnerability and its repair measures

With the development of the Internet, the file upload function is becoming increasingly important in website development. However, the PHP file upload function is also one of the common security holes. Hackers may use this vulnerability to upload malicious files and then attack the website. This article will introduce the principles and attack methods of PHP file upload vulnerabilities, and provide some repair measures.

1. Vulnerability Principle
PHP file upload vulnerabilities are usually based on the following two principles:

1. Imperfect file type verification: The $_FILES array in PHP is used for Global variables for handling file uploads. During the file upload process, the $_FILES variable contains information such as the size and type of the file. However, hackers can fake upload requests to disguise malicious files as images or other file types that are allowed to be uploaded.
2. Improper file execution permissions: If the PHP server does not correctly set or check the file execution permissions when saving uploaded files, hackers may execute arbitrary code by uploading malicious files.

2. Attack method

1. File type bypass attack: Hackers can bypass the server's verification of file types by modifying the file extension. For example, upload "evil.php" disguised as "evil.jpg", and then call the file through other methods to execute malicious code.
2. Thread competition attack: Hackers can upload multiple files at the same time, creating a race condition, and eventually replace a malicious file with a legitimate file. In this way, the server will mistakenly save the malicious file and execute it when called by other pages.

3. Repair measures

In order to prevent PHP file upload vulnerabilities, we can take the following measures:

1. Set a whitelist: During the file upload process , perform whitelist verification on file types, that is, only specified file types are allowed to be uploaded. The following is a sample code:

$allowedTypes = ['jpg', 'jpeg', 'png'];
$fileExt = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
if (!in_array($fileExt, $allowedTypes)) {
    die("File type not allowed.");
}

2. File naming strategy: When saving uploaded files, a randomly generated file name should be used, combined with file name prefix, date and other information to uniquely identify the upload. document. This prevents hackers from directly accessing uploaded files by counter-guessing the file name.
3. Limit file size: In order to prevent malicious users from uploading overly large files and causing server resource exhaustion, the file size should be limited. Here is a sample code:

$maxSize = 1024 * 1024; // 1MB
if ($_FILES['file']['size'] > $maxSize) {
    die("File size exceeds limit.");
}

4. Check the file content: In addition to verifying the file extension, the file content should also be checked. You can use PHP's built-in functions to parse and verify image files to ensure that the uploaded files are valid images.

if (exif_imagetype($_FILES['file']['tmp_name']) === false) {
    die("Invalid image file.");
}

5. File permission control: When saving the uploaded file, make sure that the execution permission of the file is not set to executable. You can prevent hackers from executing malicious code by setting the file permissions to read-only or blocking execution permissions.

To sum up, PHP file upload vulnerabilities are common security risks. However, by strengthening file type verification, file naming strategy, file size limit, file content inspection and file permission control and other repair measures, We can effectively prevent these vulnerabilities and keep the website and users safe.

The above is the detailed content of PHP file upload vulnerability and its fixes. For more information, please follow other related articles on the PHP Chinese website!