File Upload(Low)
代碼分析
<?php
if( isset( $_POST[ 'Upload' ] ) ) {
// Where are we going to be writing to?
$target_path = DVWA_WEB_PAGE_TO_ROOT . "hackable/uploads/";
$target_path .= basename( $_FILES[ 'uploaded' ][ 'name' ] );
// Can we move the file to the upload folder?
if( !move_uploaded_file( $_FILES[ 'uploaded' ][ 'tmp_name' ], $target_path ) ) {
// No
$html .= '<pre>Your image was not uploaded.</pre>';
}
else {
// Yes!
$html .= "<pre>{$target_path} succesfully uploaded!</pre>";
}
}
?>
漏洞利用
文件上傳漏洞的利用是有限制條件的。
(1)要能夠成功上傳木馬文件
(2)上傳文件必須能夠被執行
(3)上傳文件的路徑必須可知
上傳文件a.php(一句話木馬)
中國蟻劍AntSword下載