PHP-file_put_contents文件操作
[英]PHP - file_put_contents file manipulation
问题描述
I'm trying to write a PHP file on a server and to bypass the extension in the end. 
我试图在服务器上编写PHP文件,并最终绕过扩展名。
This is the PHP file - 1.php: 这是PHP文件-1.php:
<?php
file_put_contents("folder\\".$GET['file'].".PNG",$_GET['content']);
?>
I'm trying to bypass the PNG extension and to write a PHP file. 我试图绕过PNG扩展名并编写一个PHP文件。 like this: 像这样:
1.php?file=attack.php%00&content=blabla
but it's not working 但它不起作用
I tried: 我试过了:
Null char (%00,%u0000)
Long filename
CRLF chars
space char
?,&,|,>,<,(,),{,},[,],\,!,~,:,; chars
backspace char
../
php protocol PHP协议
php://filter/write=convert.base64-decode/resource=1.php
(will not work because the folder in the begging) (因为该文件夹在乞讨中不起作用)
Anyone have any idea? 有人知道吗
Thanks! 谢谢!
1 个解决方案
解决方案1
0 2018-09-29 19:28:02
There are several fundamental problems here; 这里有几个基本问题。
- This code is very unsafe, I could set get as
../../1.phpand overwrite this file to do whatever I want.此代码非常不安全,我可以将get设置为../../1.php并覆盖此文件以执行所需的操作。 It appears that you're doing some security testing however, so I guess that may be the problem看来您正在执行一些安全性测试,所以我想可能是问题所在 - php is not a protocal, it's a language so
php://anythingshould not work.php不是协议,它是一种语言,因此php://anything不能正常工作。 -
folder\\\\doesn't make sense, what is this supposed to be/do?folder\\\\没有意义,这应该是/做什么?
That said though, for educational purposes prepending ../../ should allow you to escape out of the folder/ directory. ,虽然说,对于教育目的前面加上../../应该让你逃脱出来的folder/目录。
For example if this is in /home/Zak/mytest/ with the expectation of a directory within that called folder designated to store these PNG files, then a file of ../../zak_homedir should put a file at /home/Zak/zak_homedir.PNG due to relative path resolution. 例如,如果该文件位于/home/Zak/mytest/ ,并且期望该调用folder指定用于存储这些PNG文件,则../../zak_homedir file应将文件放在/home/Zak/zak_homedir.PNG由于相对路径解析。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.