切换风格

Wizard Sky California Sunset glow Black Cloud Beige Dragon Lavender NewYear City Snow Flowers London
收藏本站XSS平台字符串转换jsfuck
217 php文件上传 js验证[复制链接]
发表于 2012-8-24 01:27:32 | 显示全部楼层 |!read_mode!
对于JS验证的类型 只需要抓包上传就行   密码 217dis9 http://115.com/file/dpa6ygcz#217.zip
其实本地修HTML表单 吧JS代码去掉就行

  1. root@ubuntu:/var/www# cat up1.php

  2. <SCRIPT LANGUAGE="JavaScript">
  3. function LimitAttach(form, file) {
  4. extArray = new Array(".gif");
  5. allowSubmit = false;
  6. if (!file) return;
  7. while (file.indexOf("\\") != -1)
  8. file = file.slice(file.indexOf("\\") + 1);
  9. ext = file.slice(file.indexOf(".")).toLowerCase();
  10. for (var i = 0; i < extArray.length; i++) {
  11. if (extArray[i] == ext) { allowSubmit = true; break; }
  12. }
  13. if (allowSubmit) form.submit();
  14. else
  15. alert("not gif!");
  16. }
  17. </script>
  18. </head>
  19. <body>
  20. <form method=post name=upform action="" enctype="multipart/form-data">
  21. <input name="upfile" type="file">
  22. <input type=button name="Submit" value="Submit" onclick="LimitAttach(this.form, this.form.upfile.value)">
  23. </form>
  24. </body>
  25. </html>
  26. <?php
  27. if (@is_uploaded_file($_FILES['upfile']['tmp_name'])){
  28. if( $_FILES['upfile']["error"] == 0 ){
  29. move_uploaded_file($_FILES['upfile']["tmp_name"],'./'.$_FILES['upfile']["name"]);
  30. echo "upload ok";
  31. }
  32. }
  33. ?>
  34. root@ubuntu:/var/www#
复制代码




操千曲而后晓声,观千剑而后识器。

代码区

GMT+8, 2020-10-2 05:16

Powered by Discuz! X2

© 2001-2018 Comsenz Inc.

回顶部