myhack58 | Anonymous | MYHACK58:62201340393
Sep 03, 2013 - 12:00 a.m.

Common Website Vulnerabilities: File Upload Vulnerability

www.myhack58.com

Arbitrary file upload vulnerability

A file upload vulnerability (File Upload Attack) arises when the code implementing a file upload feature does not strictly restrict the suffix and type of the files users upload. As a result, an attacker can upload arbitrary PHP files to a Web-accessible directory; when those files are passed to the PHP interpreter, arbitrary PHP script can be executed on the remote server.

Web applications generally provide a file upload function so that visitors can upload files.

Below is a simple file upload form:

<form action="upload.php" method="post" enctype="multipart/form-data" name="form1">
<!-- MAX_FILE_SIZE must precede the file input for PHP to honor it -->
<input type="hidden" name="MAX_FILE_SIZE" value="1024" />
<input type="file" name="file1" /><br />
<input type="submit" value="Upload File" />
</form>

In the PHP configuration file php.ini, the upload_max_filesize option specifies the maximum allowed upload file size; the default is 2M.
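
As an added example (not code from the original article), here is a hardened upload.php for the form above that enforces the suffix and type checks whose absence the article describes. UPLOAD_DIR, the extension allowlist and the function name store_upload are assumptions made for illustration.

```php
<?php
// Added example: hardened handler for the form's "file1" field.
// Assumed values (not from the original page): UPLOAD_DIR and ALLOWED.
const UPLOAD_DIR = '/var/www/private_uploads';   // assumed path outside the web root
const MAX_BYTES  = 1024;                          // mirrors MAX_FILE_SIZE in the form
const ALLOWED    = [                              // extension => expected MIME type
    'txt' => 'text/plain',
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
];

// Weak pattern the article describes: the client-supplied name is used as-is,
// with no suffix or type check, so a .php file lands in a web-served directory:
//   move_uploaded_file($_FILES['file1']['tmp_name'], 'uploads/' . $_FILES['file1']['name']);

function store_upload(array $f): string
{
    // 1. PHP-level errors (this covers upload_max_filesize being exceeded).
    if (!isset($f['error']) || is_array($f['error']) || $f['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    // 2. Enforce the size server-side; the hidden form field is only advisory.
    if ($f['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // 3. Suffix allowlist, based on the final extension only.
    $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not allowed');
    }
    // 4. Type check on the file's bytes, not on the client-sent $f['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // 5. Server-generated name; move_uploaded_file() accepts only genuine uploads.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($f['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    return $dest;
}

try {
    echo 'stored as ', basename(store_upload($_FILES['file1'] ?? [])), "\n";
} catch (RuntimeException $e) {
    http_response_code(400);
    echo 'rejected: ', $e->getMessage(), "\n";
}
```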

$_FILES array variable

PHP uses the $_FILES variable to handle uploaded files; $_FILES is an array.

If test.txt is uploaded, the contents of the $_FILES array are:

$_FILES

Array

{
