0x01 File Upload Vulnerability Introduction
Allowing users to upload files to a website is like opening another door for a malicious user to compromise the server. Even so, it is a common requirement in modern web applications because it helps improve business efficiency. Enterprise support portals let users and employees share files effectively, and sites allow users to upload pictures, videos, avatars and many other types of files. The more features you provide to users, the greater the risk and opportunity for the web application to be attacked; the likelihood that malicious users exploit such a feature to gain access to a specific website or to compromise the server is very high. There is nothing wrong with uploading a file in itself; the problem, and the vulnerability, lies in how the server handles the uploaded file.
0x02 Upload Vulnerability
This vulnerability was exploited most rampantly by hackers in the DVBBS6.0 era. An upload vulnerability can be used to obtain a webshell directly, so its threat level is very high, and it remains a commonly used vulnerability in intrusions today.
0x03 Upload vulnerability causes
When files are uploaded, if the server-side script does not strictly verify and filter them, it is easy to upload arbitrary files, including script files. If it is a normal PHP file, there is no harm to the server. However, like other programming languages, PHP can list the files in a directory, read the contents of files, execute system commands, and so on. So if the server-side script does not strictly verify and filter uploads, a malicious PHP file may be uploaded and used to control the entire site, or even the server.
0x04 Upload Vulnerability principle
index.html:
<html>
<head>
<meta charset="utf-8">
<title>File Upload Vulnerability-yup</title>
</head>
<body>
<center>
<h2>File Upload Vulnerability</h2>
<p>2017.7.30 by. Ye</p>
<p>
A file upload vulnerability refers to the user uploading an executable script file and, through this script file, obtaining the ability to execute server-side commands.<br>
This attack mode is the most direct and effective. "File upload" itself is not a problem; the problem is how the server processes and interprets the file after it is uploaded.<br>
If the server's processing logic is not secure enough, it can lead to serious consequences.<br>
</p>
<hr>
<h2>Vulnerability Demo</h2>
<form action="upload.php" method="POST" onsubmit="checkFile()" enctype="multipart/form-data">
<input type="file" name="File" id="File">
<input type="submit" value="Upload file" name="Submit">
</form>
</center>
</body>
</html>
upload.php:
<?php
error_reporting(0); // Suppress all error messages
@header("content-type:text/html; charset=utf-8"); // Force the response encoding
ob_start();

if (isset($_POST["Submit"])) {
    $name = $_FILES['File']['name'];
    // Rename the uploaded file, keeping the client-supplied extension unchecked
    $name = md5(date('y-m-d h:m:s')) . strrchr($name, ".");
    $size = $_FILES['File']['size'];
    $tmp = $_FILES['File']['tmp_name'];
    move_uploaded_file($tmp, $name); // Saved next to the script, inside the web root
    echo "File upload is successful! Path: " . $name;
}
?>
We prepare a file to upload in advance, 1.php.
The source code for 1.php is as follows:
<?php phpinfo(); ?>
Then we set up a local site and test the upload.
The upload succeeds, so we open the file we uploaded.
The file opens successfully. We then check the website root directory.
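A hardened counterpart to the upload.php above, as an added example that is not code from the original page; the storage directory, the size limit and the image-only allowlist are assumptions chosen for illustration. It allowlists the extension, checks the sniffed content type, and stores the file under a server-generated name outside the web root so the web server never interprets it as a script.

```php
<?php
// Added example: hardened counterpart to the vulnerable upload.php.
// Assumptions (not from the original page): storage path, size limit and
// image-only allowlist. Needs PHP 7.1+ with the fileinfo extension.
const UPLOAD_DIR = '/var/www/uploads-data'; // assumed path outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;         // assumed 2 MiB limit
const ALLOWED    = [                        // extension => expected MIME type
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
];

// Returns the server-chosen file name, or null if the upload must be rejected.
function safe_upload_name(string $clientName, string $tmpPath, int $size): ?string
{
    if ($size <= 0 || $size > MAX_BYTES) {
        return null;
    }
    // Use only the final extension, lower-cased, and require an allowlist hit.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return null; // rejects 1.php, names without an extension, etc.
    }
    // Sniff the content; the Content-Type sent by the client is not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        return null;
    }
    // Fully server-generated name: no client-supplied characters survive.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

if (isset($_POST['Submit'], $_FILES['File'])
    && $_FILES['File']['error'] === UPLOAD_ERR_OK) {
    $f    = $_FILES['File'];
    $name = safe_upload_name($f['name'], $f['tmp_name'], $f['size']);
    if ($name !== null && move_uploaded_file($f['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        echo 'Upload stored as ' . htmlspecialchars($name);
    } else {
        http_response_code(400);
        echo 'Upload rejected';
    }
}
```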
0x05 Parsing Vulnerability
The following is a list of some of the more commonly used parsing vulnerabilities:
Nginx Parsing Vulnerability:
http://www.xxxx.com/1.jpg/a.php
http://www.xxxx.com/1.jpg%.php
IIS7.0/7.5 Parsing Vulnerability:
http://www.xxxx.com/UploadFiles/image/1.jpg/.php
IIS6.0 Parsing Vulnerability:
http://www.xxxx.com/UploadFiles/image/1.jpg;x.php
Apache Parsing Vulnerability:
http://www.xxxx.com/test.php.x1.x2.x3
Web security File Upload Vulnerability principle analysis