Arbitrary file upload vulnerability
A file upload vulnerability (upload attack) arises when the code implementing the file upload function does not strictly restrict the suffix and type of the files users upload. An attacker can then upload arbitrary PHP files to a directory that is reachable through the Web and have them passed to the PHP interpreter, executing arbitrary PHP scripts on the remote server.
Web applications generally provide a file upload function so that visitors can conveniently upload files.
Here is a simple file upload form:
<form action="upload.php" method="post" enctype="multipart/form-data" name="form1">
<!-- MAX_FILE_SIZE (in bytes) must come before the file input for PHP to honor it -->
<input type="hidden" name="MAX_FILE_SIZE" value="1024"/>
<input type="file" name="file1"/><br/>
<input type="submit" value="Upload file"/>
</form>
In PHP's configuration file php.ini, the upload_max_filesize option specifies the maximum size of an uploaded file; the default is 2M.
The $_FILES array variable
PHP uses the $_FILES variable to handle uploaded files; $_FILES is an array.
If you upload test.txt, the contents of the $_FILES array are:
$_FILES
Array
{
    [file] => Array
    {
        [name] => test.txt // file name
        [type] => text/plain // MIME type
        [tmp_name] => /tmp/php5d.tmp // temporary file
        [error] => 0 // error code
        [size] => 536 // file size, in bytes
    }
}
If the name attribute of the file input is file:
<input type="file" name="file"/>
then use $_FILES['file']['name'] to get the name of the file as uploaded by the client, without the path. Use $_FILES['file']['tmp_name'] to obtain the path of the temporary file in which the server saves the uploaded file.
Folder where uploaded files are stored
PHP does not write uploaded files directly into the site root directory. It saves each one as a temporary file whose path is the value of $_FILES['file']['tmp_name'], and the developer must copy that temporary file to the folder where the Web site stores uploads.
The value of $_FILES['file']['tmp_name'] is set by PHP and differs from the file's original name; to get the original name of the uploaded file, the developer must use $_FILES['file']['name'].
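A hardened upload.php handler for the flow described above, as an added example that is not code from the original page. The field name file matches the $_FILES['file'] usage above; the storage directory, size limit and allowlist are assumptions.

```php
<?php
// upload.php - added example; directory, size limit and allowlist are assumed.
declare(strict_types=1);

const UPLOAD_DIR = '/var/www/uploads';   // assumption: not served by the web server
const MAX_BYTES  = 1048576;              // assumption: 1 MiB application limit
// Allowlist: extension => MIME type expected from the file content.
const ALLOWED = ['txt' => 'text/plain', 'png' => 'image/png', 'jpg' => 'image/jpeg'];

function store_upload(array $f): string
{
    // The error entry must be a plain integer and report success.
    if (!isset($f['error']) || is_array($f['error']) || $f['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    // tmp_name is set by PHP; confirm it really is an HTTP-uploaded file.
    if (!is_uploaded_file($f['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // Measure the temporary file itself instead of trusting $f['size'].
    $size = filesize($f['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('bad size');
    }
    // name and type come from the client; use name only to read the suffix.
    $ext = strtolower(pathinfo((string)$f['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('file suffix not allowed');
    }
    // Detect the type from the content rather than from $f['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match suffix');
    }
    // Server-chosen name: the client never controls the stored name or suffix.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($f['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    return $dest;
}

try {
    if (!isset($_FILES['file'])) { throw new RuntimeException('no file'); }
    echo 'stored as ', basename(store_upload($_FILES['file']));
} catch (RuntimeException $e) {
    http_response_code(400);
    echo 'rejected: ', $e->getMessage();
}
```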
Error message when uploading files
The $_FILES['file']['error'] variable holds the error code for the upload; its values are as follows: