<?php
/*
Uploadify v3.0.0
Copyright (c) 2010 Ronnie Garcia, Travis Nickels
*/

$targetFolder = '/uploads'; // Relative to the root (unused: the real target path is derived from __FILE__ below)

if (!empty($_FILES)) {
    $tempFile = $_FILES['Filedata']['tmp_name'];
    // Build the destination from this script's own location: everything before the plugin directory name
    $path = __FILE__;
    $pathwp = explode('Premium_Gallery_Manager', $path);
    $wp_url = $pathwp[0] . 'Premium_Gallery_Manager/uploads/pgallery';
    $targetPath = $wp_url;

    // The client-supplied file name is appended unchanged (note: no '/' separator after the directory)
    $targetFile = rtrim($targetPath, '/') . $_FILES['Filedata']['name'];

    // Validate the file type: only the extension is compared against a whitelist;
    // neither the file contents nor the declared MIME type are inspected
    $fileTypes = array('jpg', 'jpeg', 'gif', 'png'); // File extensions
    $fileParts = pathinfo($_FILES['Filedata']['name']);

    if (in_array($fileParts['extension'], $fileTypes)) {
        move_uploaded_file($tempFile, $targetFile);
        echo '1';
    } else {
        echo 'Invalid file type.';
    }
}
?>
The validation checks only the file extension against a whitelist and accepts the upload whenever it matches.
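For contrast, a hardened version of the same handler, added here as an example that is neither Uploadify's nor the Premium_Gallery_Manager plugin's code: it keeps the extension whitelist as a first gate but decides on the file's actual bytes, and it never reuses the client-supplied name. The upload directory path and the 'Filedata' field name are assumptions.

```php
<?php
// Added hardened example (not Uploadify / Premium_Gallery_Manager code).
// Assumed: uploads go to ./uploads/pgallery and the form field is 'Filedata'.
$targetDir   = __DIR__ . '/uploads/pgallery';
$allowedExt  = ['jpg', 'jpeg', 'gif', 'png'];
$allowedMime = ['image/jpeg' => 'jpg', 'image/gif' => 'gif', 'image/png' => 'png'];

// Returns the canonical extension for an acceptable image, or null to reject.
function validateImageUpload(array $file, array $allowedExt, array $allowedMime): ?string
{
    // Reject anything PHP flagged and anything that is not a genuine uploaded file.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Extension check stays, but case-insensitive and strict; it is only the first gate.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null;
    }
    // Decide on content, not on the client-supplied name or type: sniff the MIME type from bytes.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset($allowedMime[$mime])) {
        return null;
    }
    // Require that the file actually decodes as an image of the sniffed kind.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        return null;
    }
    return $allowedMime[$mime];   // server-chosen extension, never the user's own
}

if (!empty($_FILES['Filedata'])) {
    $ext = validateImageUpload($_FILES['Filedata'], $allowedExt, $allowedMime);
    if ($ext === null) {
        http_response_code(400);
        echo 'Invalid file type.';
        exit;
    }
    // Server-generated name: no path traversal, no double extensions, no attacker-chosen name.
    $targetFile = $targetDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!is_dir($targetDir)) {
        mkdir($targetDir, 0750, true);
    }
    if (move_uploaded_file($_FILES['Filedata']['tmp_name'], $targetFile)) {
        echo '1';
    } else {
        http_response_code(500);
        echo 'Upload failed.';
    }
}
```

Even with these checks, the upload directory should be configured in the web server so that nothing stored there is ever executed as a script; content validation and a no-execute upload location are complementary controls.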

Posted by IzayoiSakuya