Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- // In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
- // of $_FILES.
- $uploaddir = '/var/www/uploads/';
- $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
- echo '<pre>';
- if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
- echo "File is valid, and was successfully uploaded.\n";
- } else {
- echo "Possible file upload attack!\n";
- }
- echo 'Here is some more debugging info:';
- print_r($_FILES);
- print "</pre>";
- ?>
- // wireshark log....
- POST /test.php HTTP/1.1
- Content-Type: multipart/form-data; boundary=---------------------8cd540c8dc91f79
- Host: 192.168.1.4
- Content-Length: 885443
- -----------------------8cd540c8dc91f79
- Content-Disposition: form-data; name="file"; filename="Chrysanthemum.jpg"
- Content-Type: application/octet-stream
- ......JFIF.....`.`......Adobe.d.......*"Exif..MM.*.......2.........b.;.........vGF..........GI.......?...i.........~...........V..........................................................................................
- .....b...u...L..#.d._.... 3.o.&..-.<...u.2V...JR.4.$.....H.O....C.....M.y`.9.....9.%a.-....H..[....Ov.\iF.Q\1..d.X'.........<.N.......:a...f.9#.Q.1...Dz.]V'......+E.... ....>./.....,.,O...q.....Y..OR."X.....j(.w......h.{Z.[.-.+[Y..$...T..N.#5
- O<....p...@`..=....W.N...........XcD....*.h...,1....q..).Y.c......e..w.\..?Sj.{...k.'4:hh
- ...{E..^..6.......R.k.^.
- yS.=R.-M.E7.O.;.*.hX....&..{......3....C=......
- i\...S.Y$..i...k..$
- ..I..-FKT>
- N.x....I..3D..}J.?.,.$.].......*3.....=/-....X........1=2n.z<d2.L]dX..... W@%.
- ...G..i....C.Z..T...^k.|7.pV8.rF...j>.O?...v.......@.e...@...c.}... ..<H.P..3.{....j..!S..:.........Ic"G.}55.....Uy&.....w...*+S.P.......[..dv..b../.V......m.....:..sU.".jS.....F@q.....!S.S....G$.k"21a...B..,jF.UW$.Z..Iqw:.`4....^.YI.).}...E.....
- -----------------------8cd540c8dc91f79--
- HTTP/1.1 200 OK
- X-Powered-By: PHP/5.3.3-1ubuntu9.1
- Content-type: text/html
- Transfer-Encoding: chunked
- Date: Wed, 17 Nov 2010 00:19:01 GMT
- Server: lighttpd/1.4.26
- 133
- <pre>Possible file upload attack!
- Here is some more debugging info:Array
- (
- [file] => Array
- (
- [name] => Chrysanthemum.jpg
- [type] => application/octet-stream
- [tmp_name] => /tmp/phpRBETbL
- [error] => 0
- [size] => 885242
- )
- )
- </pre>
- 0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement