免费视频淫片aa毛片_日韩高清在线亚洲专区vr_日韩大片免费观看视频播放_亚洲欧美国产精品完整版

1.js 驗(yàn)證

修改js

2.后綴名黑名單

比如：

$deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess");

語(yǔ)言可解析后綴

|asp/aspx|asp,aspx,asa,asax,ascx,ashx,asmx,cer,aSp,aSpx,aSa,aSax,aScx,aShx,aSmx,cEr| |php|php,php5,php4,php3,php2,pHp,pHp5,pHp4,pHp3,pHp2,html,htm,phtml,pht,Html,Htm,pHtml| |jsp|jsp,jspa,jspx,jsw,jsv,jspf,jtml,jSp,jSpx,jSpa,jSw,jSv,jSpf,jHtml|

大小寫，雙寫替換，加空格 test.php空格

3.后綴名白名單

%00 截?cái)?繞過(guò)白名單

雙重?cái)U(kuò)展來(lái)上傳文件（shell.jpg.php）。

4. MIMETYPE 類型檢查

content-type 校驗(yàn)

5.頭文件檢查

 IF89a 判斷是否是圖片文件

6.命名規(guī)則

（1）上傳不符合windows文件命名規(guī)則的文件名

　　test.asp.

　　test.asp(空格)

　　test.php:1.jpg

　　test.php::$DATA

　　shell.php::$DATA…….

會(huì)被windows系統(tǒng)自動(dòng)去掉不符合規(guī)則符號(hào)后面的內(nèi)容。

（2）linux下后綴名大小寫

在linux下，如果上傳php不被解析，可以試試上傳pHp后綴的文件名。

7.解析漏洞

x.php.zz.xx apache 會(huì)從右到左解析直到遇到能解析的后綴

1.IIS6.0在解析asp時(shí)有兩個(gè)解析漏洞，一個(gè)是如果任意目錄名包含.asp字符串，那么這個(gè)目錄下的所有文件都會(huì)按照asp去解析，另一個(gè)是文件名中含有asp;就會(huì)優(yōu)先當(dāng)作asp來(lái)解析

2.IIS7.0/7.5對(duì)php解析有類似Nginx的解析漏洞只要對(duì)任意文件名在url后面追加上字符串/任意文件名.php就會(huì)按照php去解析