Wednesday, 13 May 2015

PHP condition with IF working incorrectly

I have the following code, and when I upload a file named "abc.htaccess" then it works correctly by showing "attacked", but when I upload a file named abc.php or abcphp, then it tells me the file is uploaded. So what's the condition of if(false && true) (same as uploading a .php file) and if(true && true) (same as uploading a .htaccess file)?

            <!DOCTYPE html>
            <html>
            <body>
            <form action="" method="post" enctype="multipart/form-data">
                Select image to upload: <input type="file" name="fileToUpload" id="fileToUpload"><input type="submit" value="Upload Image" name="submit">
            </form>
            <br />
            <br />
            <?php
            $target_dir = "./";
            $target_file =  $target_dir . $_FILES["fileToUpload"]["name"];

            echo "Filename: " . $_FILES["fileToUpload"]["name"];
            var_dump(strpos(strtolower($_FILES["fileToUpload"]["name"]),"php"));
            var_dump(strpos(strtolower($_FILES["fileToUpload"]["name"]), "htaccess"));

            if(1==1 && 1==2){
                    echo "Condition test: 1==1 && 1==2";
            }
            if(1==1 && 2==2){
                    echo "Condition test: 1==1 && 2==2";
            }

            if((strpos(strtolower($_FILES["fileToUpload"]["name"]),"php") == false) && (strpos(strtolower($_FILES["fileToUpload"]["name"]), "htaccess") == false)){
                    if(isset($_POST["submit"])) {
                            move_uploaded_file($_FILES['fileToUpload']['tmp_name'], $target_file);
                            echo "Uploaded file: <a href='http://" .$_SERVER['SERVER_NAME'] . "/" . $_FILES["fileToUpload"]["name"] . "' target='_blank'>" . $_FILES["fileToUpload"]["name"] . "</a>";
                            echo "File uploaded";
                    }
            }else{echo "attacked";}
            ?>

The result of the 2 uploads looks like this:

1st:
        Filename: phpminiadmin.phpint(0)
        bool(false)
        Condition: 1==1 && 2==2Uploaded file: phpminiadmin.php


2nd:
        Filename: desktop.htaccessbool(false)
        int(8)
        Condition: 1==1 && 2==2attacked
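
The comparison behind the two results above, as an added example that is not part of the original post: `strpos()` returns `int(0)` for a match at the start of the string, and `0 == false` is true in PHP, so the loose check treats `phpminiadmin.php` as "not found". The function names, the sample file names and the extension allow-list are assumptions made for this example.

```php
<?php
// Added example: sample names are constructed; the function names and the
// extension allow-list are assumptions, not code from the original post.

// The post's check: a match at offset 0 (int 0) compares equal to false.
function loose_check(string $name): bool
{
    $n = strtolower($name);
    return strpos($n, "php") == false && strpos($n, "htaccess") == false;
}

// Same deny-list with strict comparison: only a real "not found" passes.
function strict_check(string $name): bool
{
    $n = strtolower($name);
    return strpos($n, "php") === false && strpos($n, "htaccess") === false;
}

// Allow-list on the final extension, with any client-supplied path stripped
// and dot-files (such as .htaccess) rejected outright.
function is_allowed_upload(string $name, array $allowed = ["jpg", "jpeg", "png", "gif"]): bool
{
    $base = basename($name);
    if ($base === "" || $base[0] === ".") {
        return false;
    }
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    return in_array($ext, $allowed, true);
}

$samples = ["phpminiadmin.php", "desktop.htaccess", "abc.php", "photo.png", ".htaccess"];
foreach ($samples as $s) {
    printf(
        "%-18s loose=%-5s strict=%-5s allow-list=%s\n",
        $s,
        var_export(loose_check($s), true),
        var_export(strict_check($s), true),
        var_export(is_allowed_upload($s), true)
    );
}
```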
