检测 PHP 文件上传是否成功的例子代码存在问题 #109
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
如果%s不加引号,并且randomStr()生成的随机字符串是数字开头,则md5会失败。文件上传成功但验证失败,则上传的文件没有自动删除。所以以前用到这种方式的poc都要检查修正一下。
|
Thanks @harnnless . Could you show us the console errors ? |
|
token 是随机生成的 token为数字1开头会失败,如果加上引号就没关系。pocsuite里的webshell没这个问题,只是例子代码没加引号而已。 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
如果%s不加引号,并且randomStr()生成的随机字符串是数字开头,则md5会失败。文件上传成功但验证失败,则上传的文件没有自动删除。所以以前用到这种方式的poc都要检查修正一下。