某模块未对上传文件类型进行验证。可上传任意文件8 X$ U1 _. T6 k, S; |' i
0 C& X5 j+ n9 V4 I9 R! c# ^
( j4 c4 k* s) G3 p$ [ ; k. }3 H, m; X( s8 v
代码产生位置
; S0 n9 ~% A0 @% c+ N9 E u" kapps\wap\Lib\Action\IndexAction.class.php
- T3 s# o; n; }2 \263行" q# { H1 a( @3 c3 q7 E% u* \
if(!empty($_FILES['pic']['name'])) { // 自动发一条图片微博1 g M" m" u" @; D
$data['pic'] = $_FILES['pic'];* Y, U5 s, a% N* d& w
$data['content'] = '图片分享';
' J- h# b" p. Y# @: r6 y9 a: u. q$data['from'] = $this->_type_wap; h$ ~/ G1 b j$ u, I
$res = api('Statuses')->data($data)->upload();
$ ~/ k" e6 q2 b}8 O; ~5 t- u6 `3 {: Y
5 W/ M1 p& x8 g6 p$ ]" {- U未对文件类型过滤, J$ B- J. L6 p, {# c6 C* {/ `
# J6 o/ Z( U1 f( y+ G访问wap 模块0 l" J6 k6 S6 ?3 `0 r
" F9 l. m! K/ R- V6 {1 w" n& e
; x$ ]: g3 N* z0 ~2 W' y发一条微博并传图8 N8 L p* N& s
+ t. d3 m2 S/ ]! @- m
firebug 地址9 g- z/ s. V4 A2 R( N5 C3 L8 a
0 m' @0 i5 W+ E1 V4 z0 O
( v5 g. ~( t c& }& Y6 D O- B3 V0 [
& K% i/ u' ^+ u1 t
去掉small_然后访问
1 t- |" ?( m3 ` M, d1 B5 o
. a V9 U r4 J6 Vhttp://www.myhack58.com/data/upl ... 7/50865d481c217.php, X. E6 p+ o& U+ \6 {! S8 G
' {! g2 h5 q, r' e + j1 N# r5 z4 T3 M/ L! @# p
6 i/ ]" A3 O. h4 r& r- F$ f$ ]修复方案:, X8 x% l" D: O- p0 t) O: B
( x9 F, O# e1 H2 K1 S4 [对上传类型要进行检查8 N& V9 M, a4 m/ m% a! z
+ j' t' Z3 J* u' O
/ l8 |! ^3 O/ ^8 e9 n* K
|