1. As usual, first: what is the site?
http://ask.lenovomobile.com/lenovo is Lenovo's product Q&A site! No showing off this time.
2. Let me post a question too; this is just a test! I happened to spot a place to upload images, so let's try it. I'll upload a normal image first.
3. Upload test.jpg, my most-used avatar. Haha! Click Upload.
4. Capture the request during the upload to see how the file is sent. Can the file name "test.jpg" be changed?
5. Check the response. It may contain the relative path of the uploaded file. Sure enough!
6. Access that address; the result is as follows:
7. Re-upload the file. With the request intercepted, change the filename value test.jpg to test.php, as shown below:
8. Look at the returned address again. Oh dear, the server did not really check it. Is the suffix still .php?
9. Say no more; out comes the kitchen knife:
Solution:
1. Client-side filtering and checks count for nothing; the server must still validate the file itself;
2. Rename the file to a random name, and do not keep the user-supplied suffix;
3. Store uploaded files on a separate intranet server or a server dedicated to static files; then even if a PHP file is uploaded successfully, it cannot be executed;
4. If that is not possible, set the upload directory to be non-executable.
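As an added example (not from the original post), here are points 1 and 2 of the fix in Python: the server types the uploaded bytes by their magic numbers, assigns a random name, and takes the suffix from the detected type, so a request whose filename was edited to test.php still cannot land as a .php file. The whitelist of image types and the sample files are constructed assumptions; the web-server configuration for points 3 and 4 is not shown.

```python
import secrets

# Permitted upload types, identified by content (magic bytes), never by the
# client-supplied file name. The server-assigned suffix comes from this table.
SIGNATURES = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}


def detect_type(data: bytes):
    """Return the whitelisted suffix for this content, or None if it is not a known image."""
    for magic, suffix in SIGNATURES.items():
        if data.startswith(magic):
            return suffix
    return None


def safe_upload_name(client_filename: str, data: bytes) -> str:
    """Server-side check and rename.

    client_filename is only used in the error message; it is never trusted,
    so editing it to test.php in the captured request changes nothing.
    """
    suffix = detect_type(data)
    if suffix is None:
        raise ValueError(f"rejected {client_filename!r}: content is not a permitted image")
    # Random server-chosen name plus the suffix of the *detected* type.
    return f"{secrets.token_hex(16)}.{suffix}"


if __name__ == "__main__":
    # Constructed samples: a minimal JPEG header and a PHP file named as a JPEG.
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    php_as_jpg = b"<?php echo 'x'; ?>"
    print(safe_upload_name("test.php", jpeg))        # stored as <random>.jpg
    try:
        safe_upload_name("test.jpg", php_as_jpg)
    except ValueError as e:
        print(e)                                      # rejected
```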