昔日

Bypassing JS upload validation

free:




JS validation



<form onsubmit="return check()" enctype="multipart/form-data" method="post" action="upload_file.php">
    <!-- check() runs in the browser before the form is submitted -->
    <label for="file"></label>
    <input id="file" type="file" name="file">
    <br>
    <!-- The button label means "Upload" -->
    <input type="submit" value="上传" name="submit">
</form>




Press F12 and delete onsubmit="return check()" from the form.


Intercept the request with Burp and change the extension.





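            // Client-side check wired to the form's onsubmit handler.
            function check(){
                var filename=document.getElementById("file");
                // Split the chosen file name on dots.
                var str=filename.value.split(".");
                // Only the part after the first dot is examined.
                var ext=str[1];
                if(ext==='jpg'){
                    return true;
                }else{
                    // Message: "Please upload an image in JPG format!"
                    alert("请上传一张JPG格式的图片!");
                    return false;
                }
                return false;
            }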
        
Add multiple extensions, making sure the first one is .jpg




1.jpg.php
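
Because check() runs only in the browser and compares only the part after the first dot, the decision has to be repeated by the code that receives the upload. The block below is an added example, not code from the original post: it contrasts the page's logic (weakCheck) with a stricter check on the last extension and the leading bytes (strictCheck). It is written in JavaScript to match check(); all names in it are hypothetical, and the source of upload_file.php is not shown on the page.

```javascript
// Added example; function and constant names are hypothetical.
const JPEG_MAGIC = [0xff, 0xd8, 0xff];          // first bytes of every JPEG file
const ALLOWED_EXT = new Set(["jpg", "jpeg"]);

// The page's check(): only the part after the FIRST dot is compared.
function weakCheck(filename) {
  return filename.split(".")[1] === "jpg";
}

// Check to repeat on the server, where the client cannot edit or skip it.
function strictCheck(filename, bytes) {
  // Drop any client-supplied directory part (either separator style).
  const base = filename.split(/[\\/]/).pop();
  if (base.includes("\0")) return { ok: false, reason: "bad-name" };

  const parts = base.split(".");
  const ext = parts.pop().toLowerCase();        // decide on the LAST extension
  if (!ALLOWED_EXT.has(ext)) return { ok: false, reason: "bad-extension" };
  if (parts.length !== 1) return { ok: false, reason: "multiple-extensions" };
  if (parts[0] === "") return { ok: false, reason: "bad-name" };

  // The name is client-controlled, so also look at the content itself.
  const isJpeg = bytes.length >= JPEG_MAGIC.length &&
    JPEG_MAGIC.every((b, i) => bytes[i] === b);
  if (!isJpeg) return { ok: false, reason: "bad-content" };

  // Return only the vetted extension; the server picks the stored file name.
  return { ok: true, ext };
}

// Constructed sample inputs.
const SAMPLE_JPEG = Uint8Array.from([0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10]);
const SAMPLE_TEXT = Uint8Array.from([0x6e, 0x6f, 0x74, 0x20, 0x6a, 0x70, 0x67]); // "not jpg"

// Run each sample name through both checks and return the verdicts.
function demo() {
  return [
    ["1.jpg.php", SAMPLE_TEXT],
    ["1.php.jpg", SAMPLE_JPEG],
    ["photo.jpg", SAMPLE_TEXT],
    ["photo.JPG", SAMPLE_JPEG],
  ].map(([name, data]) => ({ name, weak: weakCheck(name), strict: strictCheck(name, data) }));
}

console.log(demo());
```

Matching magic bytes does not prove the rest of the file is harmless, so the upload directory should also be served with script execution disabled.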




