代码:
<?php if (empty($_FILES['inputFile'])) { echo json_encode(['error'=>'No files found for upload.']); return; } $allowedExts = array('php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'cgi'); $success = false; $output = ''; $file = $_FILES['inputFile']; $filename = $file['name']; $parts = explode('.', basename($filename)); $ext = end($parts); $type = $file['type']; $size = $file['size']; if (in_array($ext, $allowedExts) || count($parts) > 2) { $output = ['error'=>'How dare you do so???']; } else { if ($file['error'] > 0) { $success = false; $output = ['error' => $file['error']]; } else { $target = 'uploads' . DIRECTORY_SEPARATOR . sha1(uniqid()) . '.' . $ext; if ($fp = fopen($file["tmp_name"], 'r')) { $table_change = array('<?'=>''); $table_change += array('php' => ''); $table_change += array('script' => ''); $contents = fread($fp, filesize($file['tmp_name'])); fclose($fp); $contents = strtr($contents, $table_change); $fpw = fopen($target, 'w'); fwrite($fpw, $contents); fclose($fpw); } $output = ['uploaded' => $target]; } } echo json_encode($output);可以上传Php、phtm等类型,过滤了<?php等,但是可以使用<?Script language="Php">来绕过过滤,然后就一句话木马即可
