Sobat Gempar69 akan membahas tentang cara simple mempatch PHP Arbitrary File Upload.
kebanyakan website yang vuln diupload memiliki garis besar seperti ini:
contoh simple upload.php file upload.
jadi kita bisa langsung saja upload shell.php
patching yg bisa dilakukan adalah menambahkan filter filetype dalam script upload.php
contohnya:
Happy Patching..
kebanyakan website yang vuln diupload memiliki garis besar seperti ini:
contoh simple upload.php file upload.
<?phpcontoh form yang dipake dalam file index untuk upload
$uploaddir = 'uploads/'; // Relative path under webroot
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "File uploading failed.\n";
}
?>
<form name="upload" action="upload1.php" method="POST" ENCTYPE="multipart/formdata">disini tidak ada code yang menfilter upload filetype
Select the file to upload: <input type="file" name="userfile">
<input type="submit" name="upload" value="upload">
</form>
jadi kita bisa langsung saja upload shell.php
patching yg bisa dilakukan adalah menambahkan filter filetype dalam script upload.php
contohnya:
<?phpuntuk "images/gif" bisa diganti dengan "images/jpg" dll...
if($_FILES['userfile']['type'] != "image/gif") {
echo "Sorry, we only allow uploading GIF images";
exit;
}
$uploaddir = 'uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "File uploading failed.\n";
}
?>
Happy Patching..
Posting Komentar