forked from c0ny1/upload-labs
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
5 changed files
with
141 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
<?php | ||
if($_GET['action'] == 'get_prompt'){ | ||
echo 'Pass-20来源于CTF,请审计代码!'; | ||
} | ||
?> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
<?php | ||
include '../config.php'; | ||
include '../common.php'; | ||
include '../head.php'; | ||
include '../menu.php'; | ||
|
||
|
||
if (isset($_POST['submit'])) { | ||
if (file_exists(UPLOAD_PATH)) { | ||
|
||
$is_upload = false; | ||
$msg = null; | ||
if(!empty($_FILES['upload_file'])){ | ||
//mime check | ||
$allow_type = array('image/jpeg','image/png','image/gif'); | ||
if(!in_array($_FILES['upload_file']['type'],$allow_type)){ | ||
$msg = "禁止上传该类型文件!"; | ||
}else{ | ||
//check filename | ||
$file = empty($_POST['save_name']) ? $_FILES['upload_file']['name'] : $_POST['save_name']; | ||
if (!is_array($file)) { | ||
$file = explode('.', strtolower($file)); | ||
} | ||
|
||
$ext = end($file); | ||
$allow_suffix = array('jpg','png','gif'); | ||
if (!in_array($ext, $allow_suffix)) { | ||
$msg = "禁止上传该后缀文件!"; | ||
}else{ | ||
$file_name = reset($file) . '.' . $file[count($file) - 1]; | ||
$temp_file = $_FILES['upload_file']['tmp_name']; | ||
$img_path = UPLOAD_PATH . '/' .$file_name; | ||
if (move_uploaded_file($temp_file, $img_path)) { | ||
$msg = "文件上传成功!"; | ||
$is_upload = true; | ||
} else { | ||
$msg = "文件上传失败!"; | ||
} | ||
} | ||
} | ||
}else{ | ||
$msg = "请选择要上传的文件!"; | ||
} | ||
|
||
} else { | ||
$msg = UPLOAD_PATH . '文件夹不存在,请手工创建!'; | ||
} | ||
} | ||
|
||
|
||
|
||
?> | ||
|
||
<div id="upload_panel"> | ||
<ol> | ||
<li> | ||
<h3>任务</h3> | ||
<p>上传一个<code>webshell</code>到服务器。</p> | ||
</li> | ||
<li> | ||
<h3>上传区</h3> | ||
<form enctype="multipart/form-data" method="post"> | ||
<p>请选择要上传的图片:<p> | ||
<input class="input_file" type="file" name="upload_file"/> | ||
<p>保存名称:<p> | ||
<input class="input_text" type="text" name="save_name" value="upload-20.jpg" /><br/> | ||
<input class="button" type="submit" name="submit" value="上传"/> | ||
</form> | ||
<div id="msg"> | ||
<?php | ||
if($msg != null){ | ||
echo "提示:".$msg; | ||
} | ||
?> | ||
</div> | ||
<div id="img"> | ||
<?php | ||
if($is_upload){ | ||
echo '<img src="'.$img_path.'" width="250px" />'; | ||
} | ||
?> | ||
</div> | ||
</li> | ||
<?php | ||
if($_GET['action'] == "show_code"){ | ||
include 'show_code.php'; | ||
} | ||
?> | ||
</ol> | ||
</div> | ||
|
||
<?php | ||
include '../footer.php'; | ||
?> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
<li id="show_code"> | ||
<h3>代码</h3> | ||
<pre> | ||
<code class="line-numbers language-php">$is_upload = false; | ||
$msg = null; | ||
if(!empty($_FILES['upload_file'])){ | ||
//检查MIME | ||
$allow_type = array('image/jpeg','image/png','image/gif'); | ||
if(!in_array($_FILES['upload_file']['type'],$allow_type)){ | ||
$msg = "禁止上传该类型文件!"; | ||
}else{ | ||
//检查文件名 | ||
$file = empty($_POST['save_name']) ? $_FILES['upload_file']['name'] : $_POST['save_name']; | ||
if (!is_array($file)) { | ||
$file = explode('.', strtolower($file)); | ||
} | ||
|
||
$ext = end($file); | ||
$allow_suffix = array('jpg','png','gif'); | ||
if (!in_array($ext, $allow_suffix)) { | ||
$msg = "禁止上传该后缀文件!"; | ||
}else{ | ||
$file_name = reset($file) . '.' . $file[count($file) - 1]; | ||
$temp_file = $_FILES['upload_file']['tmp_name']; | ||
$img_path = UPLOAD_PATH . '/' .$file_name; | ||
if (move_uploaded_file($temp_file, $img_path)) { | ||
$msg = "文件上传成功!"; | ||
$is_upload = true; | ||
} else { | ||
$msg = "文件上传失败!"; | ||
} | ||
} | ||
} | ||
}else{ | ||
$msg = "请选择要上传的文件!"; | ||
} | ||
</code> | ||
</pre> | ||
</li> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters