Upload pseudo-technology ~ A lot of people think the suffix is judged, judge the contenttype, judge the head file is really safe. Is it?

Source: Internet
Author: User
Today some people were talking about image upload, so here is a quick summary of my own experience.

0. If your upload method takes a path, be sure to filter `../`. For example, you set permissions on the AA folder so that .exe, .asp, .php and similar files cannot execute there; but if I supply the path myself and prefix it with `../`, that server-side restriction is skipped. (DJ Music Station basically has this problem, as do sites that bundle an HTML editor.)

1. The common method: decide whether the file is an image from its suffix. Note these forms: file names such as `1.asp;.jpg` and `1.asp%01.jpg`, directories such as `1.jpg/1.asp` and `1.jpg/1.php`, and so on. Some versions of IIS and Nginx have parsing vulnerabilities for these (so do not reuse the original file name; e.g. for `1.asp.jpg`, the name left after removing the suffix is `1.asp`).

```csharp
// Requires System, System.IO, System.Linq, System.Web and System.Web.Mvc; this is a controller action.
/// <summary>
/// Image upload
/// </summary>
/// <param name="file"></param>
/// <returns></returns>
public JsonResult UploadA(HttpPostedFileBase file)
{
    if (file == null)
    {
        return Json(new { status = false, msg = "Image submission failed" });
    }
    if (file.ContentLength > 10485760)
    {
        return Json(new { status = false, msg = "File must be within 10M" });
    }
    string filterStr = ".gif,.jpg,.jpeg,.bmp,.png";
    string fileExt = Path.GetExtension(file.FileName).ToLower();
    // Exact match against the list (a plain filterStr.Contains(fileExt) would also accept "" or ".jp")
    if (!filterStr.Split(',').Contains(fileExt))
    {
        return Json(new { status = false, msg = "Not an image format" });
    }
    // TODO: MD5 check whether the file was already uploaded; if so, return Json(new { status = true, msg = sqlPath }) directly
    string path = string.Format("{0}/{1}", "/lotfiles", DateTime.Now.ToString("yyyy-MM-dd"));
    string fileName = string.Format("{0}{1}", Guid.NewGuid().ToString("N"), fileExt);
    string sqlPath = string.Format("{0}/{1}", path, fileName);
    string dirPath = Request.MapPath(path);
    if (!Directory.Exists(dirPath))
    {
        Directory.CreateDirectory(dirPath);
    }
    try
    {
        // TODO: thumbnail
        file.SaveAs(Path.Combine(dirPath, fileName));
        // TODO: write to the database later
    }
    catch
    {
        return Json(new { status = false, msg = "Image save failed" });
    }
    return Json(new { status = true, msg = sqlPath });
}
```

2. The Content-Type method (many people say this is more secure than the previous one... well, maybe. At least the file suffix is hard to judge from it, and Content-Type is trivial to change: capture the request, open a local proxy, edit the string directly, upload `1.asp`, and the Content-Type you receive is still an image type, so the file ends up saved.)

```csharp
// Requires System, System.Collections.Generic, System.IO, System.Web and System.Web.Mvc.
/// <summary>
/// Image upload
/// </summary>
/// <param name="file"></param>
/// <returns></returns>
public JsonResult UploadB(HttpPostedFileBase file)
{
    if (file == null)
    {
        return Json(new { status = false, msg = "Image submission failed" });
    }
    if (file.ContentLength > 10485760)
    {
        return Json(new { status = false, msg = "File must be within 10M" });
    }
    // Decide the file format from the MIME type (MimeMapping)
    var contentType = file.ContentType;
    if (contentType == null)
    {
        return Json(new { status = false, msg = "Image submission failed" });
    }
    contentType = contentType.ToLower();
    var extList = new Dictionary<string, string>()
    {
        { "image/gif", ".gif" }, { "image/jpeg", ".jpg" }, { "image/bmp", ".bmp" }, { "image/png", ".png" }
    };
    if (!extList.ContainsKey(contentType))
    {
        return Json(new { status = false, msg = "Not an image format" });
    }
    // TODO: MD5 check whether the file was already uploaded; if so, return Json(new { status = true, msg = sqlPath }) directly
    string path = string.Format("{0}/{1}", "/lotfiles", DateTime.Now.ToString("yyyy-MM-dd"));
    string fileName = string.Format("{0}{1}", Guid.NewGuid().ToString("N"), extList[contentType]);
    string sqlPath = string.Format("{0}/{1}", path, fileName);
    string dirPath = Request.MapPath(path);
    if (!Directory.Exists(dirPath))
    {
        Directory.CreateDirectory(dirPath);
    }
    try
    {
        // TODO: thumbnail
        file.SaveAs(Path.Combine(dirPath, fileName));
        // TODO: write to the database later
    }
    catch
    {
        return Json(new { status = false, msg = "Image save failed" });
    }
    return Json(new { status = true, msg = sqlPath });
}
```

If you have to use this method, it is recommended to combine it with the first one.

3. Checking the file header. Many people think this is the final answer... well, maybe; read on past this section and you will understand.

Paste the code first:

```csharp
/* Header reference (from my own tests; if anything is off, please contact me):
7790: exe, dll

5666: psd
6677: bmp
7173: gif
13780: png
255216: jpg, jpeg

8297: rar
55122: 7z
8075: docx, xlsx, pptx, vsdx, mmap, xmind, zip
208207: doc, xls, ppt, mpp, vsd
*/
```

```csharp
// Requires System.IO and System.Text.
/// <summary>
/// Checks whether the stream's leading bytes match one of the given types.
/// With no arguments it checks the image formats: "7173" gif, "255216" jpg, "6677" bmp, "13780" png.
/// Returns true on a match.
/// </summary>
/// <param name="stream">file stream</param>
/// <param name="fileTypes">header signatures to accept</param>
/// <returns></returns>
public static bool CheckingExt(this Stream stream, params string[] fileTypes)
{
    if (fileTypes.Length == 0)
    {
        fileTypes = new string[] { "7173", "255216", "6677", "13780" };
    }
    bool result = false;
    string fileClass = "";
    #region Read the first two bytes
    // leaveOpen: the caller still needs the stream (file.SaveAs runs after this check),
    // so do not dispose it here; rewind it when done.
    using (var reader = new BinaryReader(stream, Encoding.UTF8, true))
    {
        byte[] buff = new byte[2];
        try
        {
            // read the first two bytes of the file
            reader.Read(buff, 0, 2);
            fileClass = buff[0].ToString() + buff[1].ToString();
        }
        catch (System.Exception)
        {
            return false;
        }
        finally
        {
            if (stream.CanSeek)
            {
                stream.Position = 0;
            }
        }
    }
    #endregion
    #region Check
    for (int i = 0; i < fileTypes.Length; i++)
    {
        if (fileClass == fileTypes[i])
        {
            result = true;
            break;
        }
    }
    #endregion
    return result;
}
```

```csharp
// Requires System, System.IO, System.Linq, System.Web and System.Web.Mvc.
/// <summary>
/// Image upload (in theory the image needs a second rendering; Microsoft's SaveAs should do some
/// validation of its own [I uploaded a one-word-trojan image and it came back as an empty picture])
/// </summary>
/// <returns></returns>
public JsonResult UploadC(HttpPostedFileBase file)
{
    if (file == null)
    {
        return Json(new { status = false, msg = "Image submission failed" });
    }
    if (file.ContentLength > 10485760)
    {
        return Json(new { status = false, msg = "File must be within 10M" });
    }
    string filterStr = ".gif,.jpg,.jpeg,.bmp,.png";
    string fileExt = Path.GetExtension(file.FileName).ToLower();
    if (!filterStr.Split(',').Contains(fileExt))
    {
        return Json(new { status = false, msg = "Not an image format" });
    }
    // Stop simple bypasses: check the file header as well as the suffix
    if (!file.InputStream.CheckingExt())
    {
        // TODO: record the dangerous attempt
        return Json(new { status = false, msg = "Image format is not correct" });
    }
    // TODO: MD5 check whether the file was already uploaded; if so, return Json(new { status = true, msg = sqlPath }) directly
    string path = string.Format("{0}/{1}", "/lotfiles", DateTime.Now.ToString("yyyy-MM-dd"));
    string fileName = string.Format("{0}{1}", Guid.NewGuid().ToString("N"), fileExt);
    string sqlPath = string.Format("{0}/{1}", path, fileName);
    string dirPath = Request.MapPath(path);
    if (!Directory.Exists(dirPath))
    {
        Directory.CreateDirectory(dirPath);
    }
    try
    {
        // TODO: thumbnail + watermark
        file.SaveAs(Path.Combine(dirPath, fileName));
        // TODO: write to the database later
    }
    catch
    {
        return Json(new { status = false, msg = "Image save failed" });
    }
    return Json(new { status = true, msg = sqlPath });
}
```

In fact, this is very easy to cheat. There are several methods; briefly, two of them:

1st: with the copy command, generate a picture containing a one-word trojan.

2nd: open a picture with edjpgcom, and you can insert the one-word trojan directly.

The picture looks no different from before. Look at it with WinHex ~

Upload test: uploaded successfully.

[screenshots from the original post are not preserved here]

Some people say that saving the picture in another format eliminates the one-word trojan... well, all right, you can understand it that way ~ look at the picture:

In penetration testing, when you run into this kind of image upload with a second rendering step, you generally give up right away, because the one-word payload inside no longer exists.

As for what on earth second rendering is, study it yourself; sleep first ~~~
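Points 0 and 1 above come down to two rules: never let a client-influenced path escape the upload root, and never let the original file name reach disk. The following is an added example, not code from the original post; it is a stand-alone .NET console program (C# 6 or later), the class and method names `UploadPaths`, `IsAllowedExtension`, `NewStoredName` and `ResolveInsideRoot` are chosen here, and the sample folders and file names in `Main` are constructed for the demonstration.

```csharp
// Added example (not from the original post). Assumptions: plain .NET console program;
// the upload root is a temp-directory path that does not need to exist.
using System;
using System.IO;
using System.Linq;

public static class UploadPaths
{
    static readonly string[] AllowedExt = { ".gif", ".jpg", ".jpeg", ".bmp", ".png" };

    // Exact match against the whitelist. A substring test such as
    // ".gif,.jpg,.jpeg,.bmp,.png".Contains(ext) would also accept "" or ".jp".
    public static bool IsAllowedExtension(string ext) =>
        AllowedExt.Contains(ext, StringComparer.OrdinalIgnoreCase);

    // Server-chosen file name: the original name never reaches disk, so forms like
    // "1.asp;.jpg" or "1.asp.jpg" cannot become a script name on the server.
    public static string NewStoredName(string originalFileName)
    {
        string ext = Path.GetExtension(originalFileName).ToLowerInvariant();
        if (!IsAllowedExtension(ext))
            throw new ArgumentException("extension not allowed: '" + ext + "'");
        return Guid.NewGuid().ToString("N") + ext;
    }

    // Resolves a client-influenced relative folder under uploadRoot and rejects anything
    // that normalizes to a location outside it ("../", or an absolute path, which
    // Path.Combine would otherwise return unchanged).
    public static string ResolveInsideRoot(string uploadRoot, string relativeFolder)
    {
        // Trailing separator so that "/uploads" does not match "/uploads2"
        string root = Path.GetFullPath(uploadRoot)
            .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
            + Path.DirectorySeparatorChar;
        string full = Path.GetFullPath(Path.Combine(root, relativeFolder));
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("path escapes upload root: " + relativeFolder);
        return full;
    }

    public static void Main()
    {
        string root = Path.Combine(Path.GetTempPath(), "lotfiles");   // constructed sample root
        foreach (var folder in new[] { "2024-01-01", "../bin", "2024-01-01/../../web.config" })
        {
            try { Console.WriteLine("ok      " + ResolveInsideRoot(root, folder)); }
            catch (UnauthorizedAccessException e) { Console.WriteLine("blocked " + e.Message); }
        }
        foreach (var name in new[] { "photo.JPG", "1.asp;.jpg", "1.asp", "noext" })
        {
            try { Console.WriteLine(name + " -> " + NewStoredName(name)); }
            catch (ArgumentException e) { Console.WriteLine(name + " -> rejected: " + e.Message); }
        }
    }
}
```

Of the three folders only the first resolves; `../bin` and the `web.config` path both normalize to locations outside the root and are refused. `1.asp;.jpg` is stored as `<guid>.jpg` because `Path.GetExtension` only sees the text after the last dot and the rest of the name is discarded, while `1.asp` and a name with no extension fail the exact-match whitelist. This only limits what reaches disk; the upload directory itself still needs script execution disabled in IIS, as point 0 assumes for the AA folder.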
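The post's `CheckingExt()` reads two bytes, so a finished JPEG with anything appended after it (the copy-command trick above) still starts with `255216` and passes. One cheap step beyond that is to walk the JPEG marker chain and require that the EOI marker is the last thing in the file. The following is an added example, not code from the original post: a stand-alone .NET console program (C# 6 or later) in which the names `ImageStructure`, `HeaderOnly` and `IsWellFormedJpeg` are chosen here and the sample bytes in `Main` are a constructed marker skeleton, not a real picture.

```csharp
// Added example (not from the original post). Assumptions: plain .NET console program;
// the JPEG bytes below are constructed for this demonstration.
using System;
using System.Text;

public static class ImageStructure
{
    // What the post's CheckingExt() does: "255216" is FF D8, the JPEG SOI marker.
    public static bool HeaderOnly(byte[] data)
    {
        if (data.Length < 2) return false;
        string fileClass = data[0].ToString() + data[1].ToString();
        return fileClass == "7173" || fileClass == "255216" || fileClass == "6677" || fileClass == "13780";
    }

    // Walks the marker chain: SOI, segments with a 2-byte length, entropy-coded data after SOS,
    // then EOI. Passes only if EOI is the last two bytes, so data appended after a finished
    // image fails, and so does a file whose chain is truncated or malformed.
    public static bool IsWellFormedJpeg(byte[] data)
    {
        if (data.Length < 4 || data[0] != 0xFF || data[1] != 0xD8) return false;
        int pos = 2;
        while (pos + 1 < data.Length)
        {
            if (data[pos] != 0xFF) return false;
            byte marker = data[pos + 1];
            if (marker == 0xD9) return pos + 2 == data.Length;        // EOI must end the file
            if (marker == 0xFF) { pos++; continue; }                  // fill byte before a marker
            if (marker == 0x01 || (marker >= 0xD0 && marker <= 0xD7)) { pos += 2; continue; } // no payload
            if (marker == 0x00 || pos + 3 >= data.Length) return false;
            int len = (data[pos + 2] << 8) | data[pos + 3];           // length includes its own two bytes
            if (len < 2 || pos + 2 + len > data.Length) return false;
            pos += 2 + len;
            if (marker == 0xDA)                                       // SOS: skip entropy-coded data
                while (pos + 1 < data.Length && !(data[pos] == 0xFF && data[pos + 1] != 0x00
                       && !(data[pos + 1] >= 0xD0 && data[pos + 1] <= 0xD7))) pos++;
        }
        return false;                                                  // ran out of bytes before EOI
    }

    static byte[] Concat(params byte[][] parts)
    {
        int n = 0; foreach (var p in parts) n += p.Length;
        byte[] r = new byte[n]; int o = 0;
        foreach (var p in parts) { p.CopyTo(r, o); o += p.Length; }
        return r;
    }

    public static void Main()
    {
        // Constructed marker skeleton: SOI, APP0 (JFIF), COM holding "hello", EOI.
        // Structurally valid, but not a decodable picture.
        byte[] jpeg = Concat(
            new byte[] { 0xFF, 0xD8 },
            new byte[] { 0xFF, 0xE0, 0x00, 0x10, 0x4A, 0x46, 0x49, 0x46, 0x00, 1, 1, 0, 0, 1, 0, 1, 0, 0 },
            new byte[] { 0xFF, 0xFE, 0x00, 0x07, 0x68, 0x65, 0x6C, 0x6C, 0x6F },
            new byte[] { 0xFF, 0xD9 });
        byte[] trailer = Encoding.ASCII.GetBytes("TRAILING DATA");   // stands in for whatever gets appended
        byte[] truncated = new byte[jpeg.Length - 1];                 // EOI cut in half
        Array.Copy(jpeg, truncated, truncated.Length);

        string[] names = { "jpeg", "jpeg+trailer", "truncated" };
        byte[][] samples = { jpeg, Concat(jpeg, trailer), truncated };
        for (int i = 0; i < names.Length; i++)
            Console.WriteLine($"{names[i],-13} header-only: {HeaderOnly(samples[i])}  structural: {IsWellFormedJpeg(samples[i])}");
    }
}
```

Expected behaviour: the skeleton passes both checks, the version with trailing bytes passes the header-only check but fails the structural one, and the truncated file fails the structural check. Note what this does not do: the COM segment holding `hello` is accepted without its contents being examined, which is exactly where the edjpgcom method in the post puts its text. Segment contents only go away when the server re-encodes the image (the post's second rendering), and even then the stored file must live in a directory where the web server will never execute it.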
