精华内容
参与话题
问答
  • upload-labs通关记录

    万次阅读 多人点赞 2019-06-20 10:40:35
    Pass-1 源码: 因为是前端js校验,因此可以直接禁用js 或者用burp抓包修改文件类型(上传1.jpg修改为1.php) Pass-2 源码: 仅仅判断content-type类型,因此上传1.php抓...$is_upload = false; $msg =...

    upload-labs源码地址:https://github.com/c0ny1/upload-labs
    在这里插入图片描述

    Pass-1-js检查

    源码:
    在这里插入图片描述因为是前端js校验,因此可以直接禁用js
    或者用burp抓包修改文件类型(上传1.jpg修改为1.php)
    在这里插入图片描述
    在这里插入图片描述

    Pass-2-只验证Content-type

    源码:

    在这里插入图片描述
    仅仅判断content-type类型,因此上传1.php抓包修改content-type为图片类型:image/jpeg、image/png、image/gif

    在这里插入图片描述
    在这里插入图片描述

    Pass-3-黑名单绕过

    源码:

    $is_upload = false;
    $msg = null;
    if (isset($_POST['submit'])) {
        if (file_exists(UPLOAD_PATH)) {
            $deny_ext = array('.asp','.aspx','.php','.jsp');
            $file_name = trim($_FILES['upload_file']['name']);
            $file_name = deldot($file_name);//删除文件名末尾的点
            $file_ext = strrchr($file_name, '.');
            $file_ext = strtolower($file_ext); //转换为小写
            $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
            $file_ext = trim($file_ext); //收尾去空
    
            if(!in_array($file_ext, $deny_ext)) {
                $temp_file = $_FILES['upload_file']['tmp_name'];
                $img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;            
                if (move_uploaded_file($temp_file,$img_path)) {
                     $is_upload = true;
                } else {
                    $msg = '上传出错!';
                }
            } else {
                $msg = '不允许上传.asp,.aspx,.php,.jsp后缀文件!';
            }
        } else {
            $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
        }
    }
    
    

    用黑名单不允许上传.asp,.aspx,.php,.jsp后缀的文件
    但可以上传.phtml .phps .php5 .pht
    前提是apache的httpd.conf中有如下配置代码

    AddType application/x-httpd-php .php .phtml .phps .php5 .pht
    

    因此抓包修改为1.php5上传,回复包里有上传路径
    在这里插入图片描述
    在这里插入图片描述

    Pass-4-.htaccess绕过

    源码:

    $is_upload = false;
    $msg = null;
    if (isset($_POST['submit'])) {
        if (file_exists(UPLOAD_PATH)) {
            $deny_ext = array(".php",".php5",".php4",".php3",".php2","php1",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2","pHp1",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf");
            $file_name = trim($_FILES['upload_file']['name']);
            $file_name = deldot($file_name);//删除文件名末尾的点
            $file_ext = strrchr($file_name, '.');
            $file_ext = strtolower($file_ext); //转换为小写
            $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
            $file_ext = trim($file_ext); //收尾去空
    
            if (!in_array($file_ext, $deny_ext)) {
                $temp_file = $_FILES['upload_file']['tmp_name'];
                $img_path = UPLOAD_PATH.'/'.$file_name;
                if (move_uploaded_file($temp_file, $img_path)) {
                    $is_upload = true;
                } else {
                    $msg = '上传出错!';
                }
            } else {
                $msg = '此文件不允许上传!';
            }
        } else {
            $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
        }
    }
    
    

    黑名单拒绝了几乎所有有问题的后缀名,除了.htaccess
    前提条件(1.mod_rewrite模块开启。2.AllowOverride All
    因此先上传一个.htaccess文件,内容如下:

    SetHandler application/x-httpd-php 
    

    这样所有文件都会当成php来解析
    在这里插入图片描述
    在这里插入图片描述
    在这里插入图片描述

    Pass-5-大小写绕过

    源码:

    $is_upload = false;
    $msg = null;
    if (isset($_POST['submit'])) {
        if (file_exists(UPLOAD_PATH)) {
            $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess");
            $file_name = trim($_FILES['upload_file']['name']);
            $file_name = deldot($file_name);//删除文件名末尾的点
            $file_ext = strrchr($file_name, '.');
            $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
            $file_ext = trim($file_ext); //首尾去空
    
            if (!in_array($file_ext, $deny_ext)) {
                $temp_file = $_FILES['upload_file']['tmp_name'];
                $img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;
                if (move_uploaded_file($temp_file, $img_path)) {
                    $is_upload = true;
                } else {
                    $msg = '上传出错!';
                }
            } else {
                $msg = '此文件类型不允许上传!';
            }
        } else {
            $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
        }
    }
    
    

    相比于pass-4,过滤了.htaccess,但将后缀转换为小写去掉了,因此可以使用大小绕过
    在这里插入图片描述
    在这里插入图片描述

    Pass-6-空格绕过

    源码:

    $is_upload = false;
    $msg = null;
    if (isset($_POST['submit'])) {
        if (file_exists(UPLOAD_PATH)) {
            $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess");
            $file_name = $_FILES['upload_file']['name'];
            $file_name = deldot($file_name);//删除文件名末尾的点
            $file_ext = strrchr($file_name, '.');
            $file_ext = strtolower($file_ext); //转换为小写
            $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
            
            if (!in_array($file_ext, $deny_ext)) {
                $temp_file = $_FILES['upload_file']['tmp_name'];
                $img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;
                if (move_uploaded_file($temp_file,$img_path)) {
                    $is_upload = true;
                } else {
                    $msg = '上传出错!';
                }
            } else {
                $msg = '此文件不允许上传';
            }
        } else {
            $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
        }
    }
    
    

    相比于前两题,这题没有对后缀名进行去空,因此可以在后缀名加空格绕过
    在这里插入图片描述
    在这里插入图片描述

    Pass-7-点绕过

    源码:

    $is_upload = false;
    $msg = null;
    if (isset($_POST['submit'])) {
        if (file_exists(UPLOAD_PATH)) {
            $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess");
            $file_name = trim($_FILES['upload_file']['name']);
            $file_ext = strrchr($file_name, '.');
            $file_ext = strtolower($file_ext); //转换为小写
            $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
            $file_ext = trim($file_ext); //首尾去空
            
            if (!in_array($file_ext, $deny_ext)) {
                $temp_file = $_FILES['upload_file']['tmp_name'];
                $img_path = UPLOAD_PATH.'/'.$file_name;
                if (move_uploaded_file($temp_file, $img_path)) {
                    $is_upload = true;
                } else {
                    $msg = '上传出错!';
                }
            } else {
                $msg = '此文件类型不允许上传!';
            }
        } else {
            $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
        }
    }
    
    

    没有对后缀名末尾的点进行处理,利用windows特性,会自动去掉后缀名中最后的”.”,可在后缀名中加”.”绕过:
    在这里插入图片描述
    在这里插入图片描述

    Pass-8-::$DATA绕过

    源码:

    $is_upload = false;
    $msg = null;
    if (isset($_POST['submit'])) {
        if (file_exists(UPLOAD_PATH)) {
            $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess");
            $file_name = trim($_FILES['upload_file']['name']);
            $file_name = deldot($file_name);//删除文件名末尾的点
            $file_ext = strrchr($file_name, '.');
            $file_ext = strtolower($file_ext); //转换为小写
            $file_ext = trim($file_ext); //首尾去空
            
            if (!in_array($file_ext, $deny_ext)) {
                $temp_file = $_FILES['upload_file']['tmp_name'];
                $img_path = UPLOAD_PATH.'/'.date("YmdHis").rand(1000,9999).$file_ext;
                if (move_uploaded_file($temp_file, $img_path)) {
                    $is_upload = true;
                } else {
                    $msg = '上传出错!';
                }
            } else {
                $msg = '此文件类型不允许上传!';
            }
        } else {
            $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
        }
    }
    
    

    没有对后缀名中的’::$DATA’进行过滤。在php+windows的情况下:如果文件名+"::$DATA"会把::$DATA之后的数据当成文件流处理,不会检测后缀名.且保持"::$DATA"之前的文件名。利用windows特性,可在后缀名中加” ::$DATA”绕过:
    在这里插入图片描述
    在这里插入图片描述

    Pass-9-点+空格+点绕过

    源码:

    $is_upload = false;
    $msg = null;
    if (isset($_POST['submit'])) {
        if (file_exists(UPLOAD_PATH)) {
            $deny_ext = array(".php",".php5",".php4",".php3",".php2",".html",".htm",".phtml",".pht",".pHp",".pHp5",".pHp4",".pHp3",".pHp2",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf",".htaccess");
            $file_name = trim($_FILES['upload_file']['name']);
            $file_name = deldot($file_name);//删除文件名末尾的点
            $file_ext = strrchr($file_name, '.');
            $file_ext = strtolower($file_ext); //转换为小写
            $file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA
            $file_ext = trim($file_ext); //首尾去空
            
            if (!in_array($file_ext, $deny_ext)) {
                $temp_file = $_FILES['upload_file']['tmp_name'];
                $img_path = UPLOAD_PATH.'/'.$file_name;
                if (move_uploaded_file($temp_file, $img_path)) {
                    $is_upload = true;
                } else {
                    $msg = '上传出错!';
                }
            } else {
                $msg = '此文件类型不允许上传!';
            }
        } else {
            $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
        }
    }
    
    

    代码先是去除文件名前后的空格,再去除文件名最后所有的.,再通过strrchar函数来寻找.来确认文件名的后缀,但是最后保存文件的时候没有重命名而使用的原始的文件名,导致可以利用1.php. .(点+空格+点)来绕过
    在这里插入图片描述
    在这里插入图片描述

    Pass-10-双写绕过

    源码:

    $is_upload = false;
    $msg = null;
    if (isset($_POST['submit'])) {
        if (file_exists(UPLOAD_PATH)) {
            $deny_ext = array("php","php5","php4","php3","php2","html","htm","phtml","pht","jsp","jspa","jspx","jsw","jsv","jspf","jtml","asp","aspx","asa","asax","ascx","ashx","asmx","cer","swf","htaccess");
    
            $file_name = trim($_FILES['upload_file']['name']);
            $file_name = str_ireplace($deny_ext,"", $file_name);
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = UPLOAD_PATH.'/'.$file_name;        
            if (move_uploaded_file($temp_file, $img_path)) {
                $is_upload = true;
            } else {
                $msg = '上传出错!';
            }
        } else {
            $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
        }
    }
    
    

    黑名单过滤,将黑名单里的后缀名替换为空且只替换一次,因此可以用双写绕过
    在这里插入图片描述
    在这里插入图片描述

    Pass-11-00截断

    源码:

    $is_upload = false;
    $msg = null;
    if(isset($_POST['submit'])){
        $ext_arr = array('jpg','png','gif');
        $file_ext = substr($_FILES['upload_file']['name'],strrpos($_FILES['upload_file']['name'],".")+1);
        if(in_array($file_ext,$ext_arr)){
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = $_GET['save_path']."/".rand(10, 99).date("YmdHis").".".$file_ext;
    
            if(move_uploaded_file($temp_file,$img_path)){
                $is_upload = true;
            } else {
                $msg = '上传出错!';
            }
        } else{
            $msg = "只允许上传.jpg|.png|.gif类型文件!";
        }
    }
    
    

    白名单判断,但$img_path是直接拼接,因此可以利用%00截断绕过。

    $img_path = $_GET['save_path']."/".rand(10, 99).date("YmdHis").".".$file_ext;
    截断条件:php版本小于5.3.4,php的magic_quotes_gpc为OFF状态
    

    在这里插入图片描述
    在这里插入图片描述

    Pass-12-00截断

    源码:

    $is_upload = false;
    $msg = null;
    if(isset($_POST['submit'])){
        $ext_arr = array('jpg','png','gif');
        $file_ext = substr($_FILES['upload_file']['name'],strrpos($_FILES['upload_file']['name'],".")+1);
        if(in_array($file_ext,$ext_arr)){
            $temp_file = $_FILES['upload_file']['tmp_name'];
            $img_path = $_POST['save_path']."/".rand(10, 99).date("YmdHis").".".$file_ext;
    
            if(move_uploaded_file($temp_file,$img_path)){
                $is_upload = true;
            } else {
                $msg = "上传失败";
            }
        } else {
            $msg = "只允许上传.jpg|.png|.gif类型文件!";
        }
    }
    
    

    save_path参数通过POST方式传递,还是利用00截断,因为POST不会像GET对%00进行自动解码,所以需要在二进制中进行修改。
    在这里插入图片描述

    在这里插入图片描述
    在这里插入图片描述

    Pass-13-图片马绕过

    源码:

    function getReailFileType($filename){
        $file = fopen($filename, "rb");
        $bin = fread($file, 2); //只读2字节
        fclose($file);
        $strInfo = @unpack("C2chars", $bin);    
        $typeCode = intval($strInfo['chars1'].$strInfo['chars2']);    
        $fileType = '';    
        switch($typeCode){      
            case 255216:            
                $fileType = 'jpg';
                break;
            case 13780:            
                $fileType = 'png';
                break;        
            case 7173:            
                $fileType = 'gif';
                break;
            default:            
                $fileType = 'unknown';
            }    
            return $fileType;
    }
    
    $is_upload = false;
    $msg = null;
    if(isset($_POST['submit'])){
        $temp_file = $_FILES['upload_file']['tmp_name'];
        $file_type = getReailFileType($temp_file);
    
        if($file_type == 'unknown'){
            $msg = "文件未知,上传失败!";
        }else{
            $img_path = UPLOAD_PATH."/".rand(10, 99).date("YmdHis").".".$file_type;
            if(move_uploaded_file($temp_file,$img_path)){
                $is_upload = true;
            } else {
                $msg = "上传出错!";
            }
        }
    }
    
    

    通过读文件的前2个字节判断文件类型,因此直接上传图片马即可,制作图片马:

    copy 22.jpg /b + 1.php /a shell.jpg

    在这里插入图片描述
    直接访问图片并不能把图片当做PHP解析,因此还需要利用文件包含漏洞

    ##include.php
    <?php
    /*
    本页面存在文件包含漏洞,用于测试图片马是否能正常运行!
    */
    header("Content-Type:text/html;charset=utf-8");
    $file = $_GET['file'];
    if(isset($file)){
        include $file;
    }else{
        show_source(__file__);
    }
    ?>

    在这里插入图片描述

    Pass-14-getimagesize()-图片马

    源码:

    function isImage($filename){
        $types = '.jpeg|.png|.gif';
        if(file_exists($filename)){
            $info = getimagesize($filename);
            $ext = image_type_to_extension($info[2]);
            if(stripos($types,$ext)>=0){
                return $ext;
            }else{
                return false;
            }
        }else{
            return false;
        }
    }
    
    $is_upload = false;
    $msg = null;
    if(isset($_POST['submit'])){
        $temp_file = $_FILES['upload_file']['tmp_name'];
        $res = isImage($temp_file);
        if(!$res){
            $msg = "文件未知,上传失败!";
        }else{
            $img_path = UPLOAD_PATH."/".rand(10, 99).date("YmdHis").$res;
            if(move_uploaded_file($temp_file,$img_path)){
                $is_upload = true;
            } else {
                $msg = "上传出错!";
            }
        }
    }
    
    

    这题是用getimagesize函数判断文件类型,还是可以图片马绕过,方法同pass-13
    在这里插入图片描述

    Pass-15-exif_imagetype()-图片马

    源码:

    function isImage($filename){
        //需要开启php_exif模块
        $image_type = exif_imagetype($filename);
        switch ($image_type) {
            case IMAGETYPE_GIF:
                return "gif";
                break;
            case IMAGETYPE_JPEG:
                return "jpg";
                break;
            case IMAGETYPE_PNG:
                return "png";
                break;    
            default:
                return false;
                break;
        }
    }
    
    $is_upload = false;
    $msg = null;
    if(isset($_POST['submit'])){
        $temp_file = $_FILES['upload_file']['tmp_name'];
        $res = isImage($temp_file);
        if(!$res){
            $msg = "文件未知,上传失败!";
        }else{
            $img_path = UPLOAD_PATH."/".rand(10, 99).date("YmdHis").".".$res;
            if(move_uploaded_file($temp_file,$img_path)){
                $is_upload = true;
            } else {
                $msg = "上传出错!";
            }
        }
    }
    
    

    这里用到php_exif模块来判断文件类型,用图片马绕过,方法同pass-13
    在这里插入图片描述

    Pass-16-二次渲染绕过

    源码:

    $is_upload = false;
    $msg = null;
    if (isset($_POST['submit'])){
        // 获得上传文件的基本信息,文件名,类型,大小,临时文件路径
        $filename = $_FILES['upload_file']['name'];
        $filetype = $_FILES['upload_file']['type'];
        $tmpname = $_FILES['upload_file']['tmp_name'];
    
        $target_path=UPLOAD_PATH.'/'.basename($filename);
    
        // 获得上传文件的扩展名
        $fileext= substr(strrchr($filename,"."),1);
    
        //判断文件后缀与类型,合法才进行上传操作
        if(($fileext == "jpg") && ($filetype=="image/jpeg")){
            if(move_uploaded_file($tmpname,$target_path)){
                //使用上传的图片生成新的图片
                $im = imagecreatefromjpeg($target_path);
    
                if($im == false){
                    $msg = "该文件不是jpg格式的图片!";
                    @unlink($target_path);
                }else{
                    //给新图片指定文件名
                    srand(time());
                    $newfilename = strval(rand()).".jpg";
                    //显示二次渲染后的图片(使用用户上传图片生成的新图片)
                    $img_path = UPLOAD_PATH.'/'.$newfilename;
                    imagejpeg($im,$img_path);
                    @unlink($target_path);
                    $is_upload = true;
                }
            } else {
                $msg = "上传出错!";
            }
    
        }else if(($fileext == "png") && ($filetype=="image/png")){
            if(move_uploaded_file($tmpname,$target_path)){
                //使用上传的图片生成新的图片
                $im = imagecreatefrompng($target_path);
    
                if($im == false){
                    $msg = "该文件不是png格式的图片!";
                    @unlink($target_path);
                }else{
                     //给新图片指定文件名
                    srand(time());
                    $newfilename = strval(rand()).".png";
                    //显示二次渲染后的图片(使用用户上传图片生成的新图片)
                    $img_path = UPLOAD_PATH.'/'.$newfilename;
                    imagepng($im,$img_path);
    
                    @unlink($target_path);
                    $is_upload = true;               
                }
            } else {
                $msg = "上传出错!";
            }
    
        }else if(($fileext == "gif") && ($filetype=="image/gif")){
            if(move_uploaded_file($tmpname,$target_path)){
                //使用上传的图片生成新的图片
                $im = imagecreatefromgif($target_path);
                if($im == false){
                    $msg = "该文件不是gif格式的图片!";
                    @unlink($target_path);
                }else{
                    //给新图片指定文件名
                    srand(time());
                    $newfilename = strval(rand()).".gif";
                    //显示二次渲染后的图片(使用用户上传图片生成的新图片)
                    $img_path = UPLOAD_PATH.'/'.$newfilename;
                    imagegif($im,$img_path);
    
                    @unlink($target_path);
                    $is_upload = true;
                }
            } else {
                $msg = "上传出错!";
            }
        }else{
            $msg = "只允许上传后缀为.jpg|.png|.gif的图片文件!";
        }
    }
    
    

    判断了后缀名、content-type,以及利用imagecreatefromgif判断是否为gif图片,最后再做了一次二次渲染,具体可以参考这篇文章,可是在复现的时候还是因为二次渲染以后php代码还是出被修改。

    Pass-17-条件竞争

    源码:

    $is_upload = false;
    $msg = null;
    
    if(isset($_POST['submit'])){
        $ext_arr = array('jpg','png','gif');
        $file_name = $_FILES['upload_file']['name'];
        $temp_file = $_FILES['upload_file']['tmp_name'];
        $file_ext = substr($file_name,strrpos($file_name,".")+1);
        $upload_file = UPLOAD_PATH . '/' . $file_name;
    
        if(move_uploaded_file($temp_file, $upload_file)){
            if(in_array($file_ext,$ext_arr)){
                 $img_path = UPLOAD_PATH . '/'. rand(10, 99).date("YmdHis").".".$file_ext;
                 rename($upload_file, $img_path);
                 $is_upload = true;
            }else{
                $msg = "只允许上传.jpg|.png|.gif类型文件!";
                unlink($upload_file);
            }
        }else{
            $msg = '上传出错!';
        }
    }
    
    

    这里是条件竞争,先将文件上传到服务器,然后判断文件后缀是否在白名单里,如果在则重命名,否则删除,因此我们可以上传1.php只需要在它删除之前访问即可,可以利用burp的intruder模块不断上传,然后我们不断的访问刷新该地址即可
    在这里插入图片描述
    在这里插入图片描述

    Pass-18-条件竞争

    源码:

    //index.php
    $is_upload = false;
    $msg = null;
    if (isset($_POST['submit']))
    {
        require_once("./myupload.php");
        $imgFileName =time();
        $u = new MyUpload($_FILES['upload_file']['name'], $_FILES['upload_file']['tmp_name'], $_FILES['upload_file']['size'],$imgFileName);
        $status_code = $u->upload(UPLOAD_PATH);
        switch ($status_code) {
            case 1:
                $is_upload = true;
                $img_path = $u->cls_upload_dir . $u->cls_file_rename_to;
                break;
            case 2:
                $msg = '文件已经被上传,但没有重命名。';
                break; 
            case -1:
                $msg = '这个文件不能上传到服务器的临时文件存储目录。';
                break; 
            case -2:
                $msg = '上传失败,上传目录不可写。';
                break; 
            case -3:
                $msg = '上传失败,无法上传该类型文件。';
                break; 
            case -4:
                $msg = '上传失败,上传的文件过大。';
                break; 
            case -5:
                $msg = '上传失败,服务器已经存在相同名称文件。';
                break; 
            case -6:
                $msg = '文件无法上传,文件不能复制到目标目录。';
                break;      
            default:
                $msg = '未知错误!';
                break;
        }
    }
    
    //myupload.php
    class MyUpload{
    ......
    ......
    ...... 
      var $cls_arr_ext_accepted = array(
          ".doc", ".xls", ".txt", ".pdf", ".gif", ".jpg", ".zip", ".rar", ".7z",".ppt",
          ".html", ".xml", ".tiff", ".jpeg", ".png" );
    
    ......
    ......
    ......  
      /** upload()
       **
       ** Method to upload the file.
       ** This is the only method to call outside the class.
       ** @para String name of directory we upload to
       ** @returns void
      **/
      function upload( $dir ){
        
        $ret = $this->isUploadedFile();
        
        if( $ret != 1 ){
          return $this->resultUpload( $ret );
        }
    
        $ret = $this->setDir( $dir );
        if( $ret != 1 ){
          return $this->resultUpload( $ret );
        }
    
        $ret = $this->checkExtension();
        if( $ret != 1 ){
          return $this->resultUpload( $ret );
        }
    
        $ret = $this->checkSize();
        if( $ret != 1 ){
          return $this->resultUpload( $ret );    
        }
        
        // if flag to check if the file exists is set to 1
        
        if( $this->cls_file_exists == 1 ){
          
          $ret = $this->checkFileExists();
          if( $ret != 1 ){
            return $this->resultUpload( $ret );    
          }
        }
    
        // if we are here, we are ready to move the file to destination
    
        $ret = $this->move();
        if( $ret != 1 ){
          return $this->resultUpload( $ret );    
        }
    
        // check if we need to rename the file
    
        if( $this->cls_rename_file == 1 ){
          $ret = $this->renameFile();
          if( $ret != 1 ){
            return $this->resultUpload( $ret );    
          }
        }
        
        // if we are here, everything worked as planned :)
    
        return $this->resultUpload( "SUCCESS" );
      
      }
    ......
    ......
    ...... 
    };
    
    

    在这里插入图片描述
    因此也存在条件竞争的问题,不过这题对文件后缀名做了白名单判断,然后会一步一步检查文件大小、文件是否存在等等,因此可以通过不断上传图片马,由于条件竞争可能来不及重命名,从而上传成功。

    在这里插入图片描述
    在这里插入图片描述

    Pass-19-00截断

    源码:

    $is_upload = false;
    $msg = null;
    if (isset($_POST['submit'])) {
        if (file_exists(UPLOAD_PATH)) {
            $deny_ext = array("php","php5","php4","php3","php2","html","htm","phtml","pht","jsp","jspa","jspx","jsw","jsv","jspf","jtml","asp","aspx","asa","asax","ascx","ashx","asmx","cer","swf","htaccess");
    
            $file_name = $_POST['save_name'];
            $file_ext = pathinfo($file_name,PATHINFO_EXTENSION);
    
            if(!in_array($file_ext,$deny_ext)) {
                $temp_file = $_FILES['upload_file']['tmp_name'];
                $img_path = UPLOAD_PATH . '/' .$file_name;
                if (move_uploaded_file($temp_file, $img_path)) { 
                    $is_upload = true;
                }else{
                    $msg = '上传出错!';
                }
            }else{
                $msg = '禁止保存为该类型文件!';
            }
    
        } else {
            $msg = UPLOAD_PATH . '文件夹不存在,请手工创建!';
        }
    }
    
    

    发现move_uploaded_file()函数中的img_path是由post参数save_name控制的,因此可以在save_name利用00截断绕过,方法同pass-12

    在这里插入图片描述
    在这里插入图片描述

    在这里插入图片描述

    展开全文
  • upload上传图片

    千次阅读 2018-04-24 17:08:07
    子组件 (ImageUpload.vue): &amp;amp;lt;template&amp;amp;gt; &amp;amp;lt;div&amp;amp;gt; &amp;amp;lt;div class=&amp;quot;flex-img&amp;quot;&amp;amp;gt; &am

    需求分析:
    1.添加商品页面可以添加图片
    2.编辑商品页面可以编辑图片(原来的图片列表上)

    子组件 (ImageUpload.vue):

    <template>
        <div>
            <div class="flex-img">
                <div class="flex-img__item" v-for="(image,index) of imageList" :key="index">
                    <div>
                        <img class="flex-img__image" :src="image">
                    </div>
                    <i class="el-icon-error right-up" @click.stop="handleRemove(index)"></i>
                </div>
    
                <el-upload
                        :action="uploadUrl"
                        :show-file-list="false"
                        accept="image/jpeg,image/jpg,image/png"
                        list-type="picture-card"
                        :limit="imgNumber"
                        :on-success="handleSuccess"
                        :before-upload="beforeUpload">
                    <i class="el-icon-plus"></i>
                </el-upload>
            </div>
    
            <div slot="tip" class="el-upload__tip">只能上传jpg/png文件,且不超过1M</div>
        </div>
    </template>
    
    <script>
        export default {
            props: {
                imageList: Array,
                clearList: Number,
                imgNumber: Number
            },
            data() {
                return {
                    uploadUrl: 'http://xxxx.xxx.xx/api/upload',
                    fileList: this.imageList ? this.imageList : [],
                };
            },
            watch: {
                imageList(value) {
                        this.fileList = value;
                },
                clearList() {
                    this.fileList = [];
                },
                fileList(value) {
                    this.$emit('update:imageList', value);
                }
            },
            methods: {
                handleRemove(index) {
                    this.fileList.splice(index, 1);
                },
                handleSuccess(response) {
                    this.fileList.push(response.url);
                },
                beforeUpload(file){
                    const imageSize = file.size / 1024 / 1024 < 1;
                    if(!imageSize){
                        this.$message.error('上传封面大小不能超过 1MB!');
                    }
                    return imageSize;
                }
            }
        };
    </script>
    
    <style scoped>
        .flex-img
        {
            display: flex;
        }
        .flex-img__item
        {
            position: relative;
    
            box-sizing: border-box;
            width: 148px;
            height: 148px;
            margin: 0 8px 8px 0;
    
            border: 1px solid #c0ccda;
            border-radius: 6px;
            background-color: #fff;
        }
        .right-up
        {
            position: absolute;
            z-index: 1024;
            top: -5px;
            right: -5px;
        }
        .flex-img__image
        {
            width: 146px;
            height: 146px;
    
            border-radius: 6px;
        }
    
    </style>

    父组件:

    <template>
      <div>
         <image-upload :imageList.sync="imageShows" :clearList="clearList"></image-upload>
      </div>
    </template>
    <script>
    import ImageUpload from '../../components/ImageUpload.vue';
    export default{
      components:{
         ImageUpload
      },
      data(){
         clearList:null,//清除图片列表
         imageShows:[]//图片列表
      },
      methods:{
        resetForm(){
          this.clearList = Math.random();//给一个随机数就能清除
        }
      }
    }
    </script>

    报错信息:app.js:1608 [Vue warn]: Error in callback for watcher “fileList”: “TypeError: Cannot create property ‘uid’ on string ‘https://xxx.jpeg‘”
    app.js:2724 TypeError: Cannot create property ‘uid’ on string ‘https://xxx.jpeg
    解决办法:子组件修改方法handleSuccess
    handleSuccess(response) {
    this.fileList.push({response.url});//多了 { },因为它要的是数组,那就传数组进去
    },

    展开全文
  • 组件-Element—Upload(上传)

    千次阅读 2019-07-03 14:56:07
    组件-Element—Upload 组件—上传 点击上传 <el-upload class="upload-demo" action="https://jsonplaceholder.typicode.com/posts/" :on-preview="handlePreview" :on-remove="handleRemove" ...

    组件-Element—Upload(上传)

    组件—上传

    1. 点击上传
      在这里插入图片描述

      <el-upload
        class="upload-demo"
        action="https://jsonplaceholder.typicode.com/posts/"
        :on-preview="handlePreview"
        :on-remove="handleRemove"
        :before-remove="beforeRemove"
        multiple
        :limit="3"
        :on-exceed="handleExceed"
        :file-list="fileList">
        <el-button size="small" type="primary">点击上传</el-button>
        <div slot="tip" class="el-upload__tip">只能上传jpg/png文件,且不超过500kb</div>
      </el-upload>
      <script>
        export default {
          data() {
            return {
              fileList: [{name: 'food.jpeg', url: 'https://fuss10.elemecdn.com/3/63/4e7f3a15429bfda99bce42a18cdd1jpeg.jpeg?imageMogr2/thumbnail/360x360/format/webp/quality/100'}, {name: 'food2.jpeg', url: 'https://fuss10.elemecdn.com/3/63/4e7f3a15429bfda99bce42a18cdd1jpeg.jpeg?imageMogr2/thumbnail/360x360/format/webp/quality/100'}]
            };
          },
          methods: {
            handleRemove(file, fileList) {
              console.log(file, fileList);
            },
            handlePreview(file) {
              console.log(file);
            },
            handleExceed(files, fileList) {
              this.$message.warning(`当前限制选择 3 个文件,本次选择了 ${files.length} 个文件,共选择了 ${files.length + fileList.length} 个文件`);
            },
            beforeRemove(file, fileList) {
              return this.$confirm(`确定移除 ${ file.name }?`);
            }
          }
        }
      </script>
      
    2. 用户头像上传
      在这里插入图片描述

      <el-upload
        class="avatar-uploader"
        action="https://jsonplaceholder.typicode.com/posts/"
        :show-file-list="false"
        :on-success="handleAvatarSuccess"
        :before-upload="beforeAvatarUpload">
        ![在这里插入图片描述]()
        <i v-else class="el-icon-plus avatar-uploader-icon"></i>
      </el-upload>
      
      <style>
        .avatar-uploader .el-upload {
          border: 1px dashed #d9d9d9;
          border-radius: 6px;
          cursor: pointer;
          position: relative;
          overflow: hidden;
        }
        .avatar-uploader .el-upload:hover {
          border-color: #409EFF;
        }
        .avatar-uploader-icon {
          font-size: 28px;
          color: #8c939d;
          width: 178px;
          height: 178px;
          line-height: 178px;
          text-align: center;
        }
        .avatar {
          width: 178px;
          height: 178px;
          display: block;
        }
      </style>
      
      <script>
        export default {
          data() {
            return {
              imageUrl: ''
            };
          },
          methods: {
            handleAvatarSuccess(res, file) {
              this.imageUrl = URL.createObjectURL(file.raw);
            },
            beforeAvatarUpload(file) {
              const isJPG = file.type === 'image/jpeg';
              const isLt2M = file.size / 1024 / 1024 < 2;
      
              if (!isJPG) {
                this.$message.error('上传头像图片只能是 JPG 格式!');
              }
              if (!isLt2M) {
                this.$message.error('上传头像图片大小不能超过 2MB!');
              }
              return isJPG && isLt2M;
            }
          }
        }
      </script>
      
    3. 照片墙
      在这里插入图片描述

      <el-upload
        action="https://jsonplaceholder.typicode.com/posts/"
        list-type="picture-card"
        :on-preview="handlePictureCardPreview"
        :on-remove="handleRemove">
        <i class="el-icon-plus"></i>
      </el-upload>
      <el-dialog :visible.sync="dialogVisible">
        ![在这里插入图片描述]()
      </el-dialog>
      <script>
        export default {
          data() {
            return {
              dialogImageUrl: '',
              dialogVisible: false
            };
          },
          methods: {
            handleRemove(file, fileList) {
              console.log(file, fileList);
            },
            handlePictureCardPreview(file) {
              this.dialogImageUrl = file.url;
              this.dialogVisible = true;
            }
          }
        }
      </script>
      
    4. 文件缩略图
      在这里插入图片描述

      <el-upload
        action="#"
        list-type="picture-card"
        :auto-upload="false">
          <i slot="default" class="el-icon-plus"></i>
          <div slot="file" slot-scope="{file}">
            <img
              class="el-upload-list__item-thumbnail"
              :src="file.url" alt=""
            >
            <span class="el-upload-list__item-actions">
              <span
                class="el-upload-list__item-preview"
                @click="handlePictureCardPreview(file)"
              >
                <i class="el-icon-zoom-in"></i>
              </span>
              <span
                v-if="!disabled"
                class="el-upload-list__item-delete"
                @click="handleDownload(file)"
              >
                <i class="el-icon-download"></i>
              </span>
              <span
                v-if="!disabled"
                class="el-upload-list__item-delete"
                @click="handleRemove(file)"
              >
                <i class="el-icon-delete"></i>
              </span>
            </span>
          </div>
      </el-upload>
      <el-dialog :visible.sync="dialogVisible">
        ![在这里插入图片描述]()
      </el-dialog>
      <script>
        export default {
          data() {
            return {
              dialogImageUrl: '',
              dialogVisible: false,
              disabled: false
            };
          },
          methods: {
            handleRemove(file) {
              console.log(file);
            },
            handlePictureCardPreview(file) {
              this.dialogImageUrl = file.url;
              this.dialogVisible = true;
            },
            handleDownload(file) {
              console.log(file);
            }
          }
        }
      </script>
      
    5. 图片列表缩略图
      在这里插入图片描述

      <el-upload
        class="upload-demo"
        action="https://jsonplaceholder.typicode.com/posts/"
        :on-preview="handlePreview"
        :on-remove="handleRemove"
        :file-list="fileList"
        list-type="picture">
        <el-button size="small" type="primary">点击上传</el-button>
        <div slot="tip" class="el-upload__tip">只能上传jpg/png文件,且不超过500kb</div>
      </el-upload>
      <script>
        export default {
          data() {
            return {
              fileList: [{name: 'food.jpeg', url: 'https://fuss10.elemecdn.com/3/63/4e7f3a15429bfda99bce42a18cdd1jpeg.jpeg?imageMogr2/thumbnail/360x360/format/webp/quality/100'}, {name: 'food2.jpeg', url: 'https://fuss10.elemecdn.com/3/63/4e7f3a15429bfda99bce42a18cdd1jpeg.jpeg?imageMogr2/thumbnail/360x360/format/webp/quality/100'}]
            };
          },
          methods: {
            handleRemove(file, fileList) {
              console.log(file, fileList);
            },
            handlePreview(file) {
              console.log(file);
            }
          }
        }
      </script>
      
    6. 上传文件列表控制
      在这里插入图片描述

      <el-upload
        class="upload-demo"
        action="https://jsonplaceholder.typicode.com/posts/"
        :on-change="handleChange"
        :file-list="fileList">
        <el-button size="small" type="primary">点击上传</el-button>
        <div slot="tip" class="el-upload__tip">只能上传jpg/png文件,且不超过500kb</div>
      </el-upload>
      <script>
        export default {
          data() {
            return {
              fileList: [{
                name: 'food.jpeg',
                url: 'https://fuss10.elemecdn.com/3/63/4e7f3a15429bfda99bce42a18cdd1jpeg.jpeg?imageMogr2/thumbnail/360x360/format/webp/quality/100'
              }, {
                name: 'food2.jpeg',
                url: 'https://fuss10.elemecdn.com/3/63/4e7f3a15429bfda99bce42a18cdd1jpeg.jpeg?imageMogr2/thumbnail/360x360/format/webp/quality/100'
              }]
            };
          },
          methods: {
            handleChange(file, fileList) {
              this.fileList = fileList.slice(-3);
            }
          }
        }
      </script>
      
    7. 拖拽上传
      在这里插入图片描述

      <el-upload
        class="upload-demo"
        drag
        action="https://jsonplaceholder.typicode.com/posts/"
        multiple>
        <i class="el-icon-upload"></i>
        <div class="el-upload__text">将文件拖到此处,或<em>点击上传</em></div>
        <div class="el-upload__tip" slot="tip">只能上传jpg/png文件,且不超过500kb</div>
      </el-upload>
      
    8. 手动上传
      在这里插入图片描述

      <el-upload
        class="upload-demo"
        ref="upload"
        action="https://jsonplaceholder.typicode.com/posts/"
        :on-preview="handlePreview"
        :on-remove="handleRemove"
        :file-list="fileList"
        :auto-upload="false">
        <el-button slot="trigger" size="small" type="primary">选取文件</el-button>
        <el-button style="margin-left: 10px;" size="small" type="success" @click="submitUpload">上传到服务器</el-button>
        <div slot="tip" class="el-upload__tip">只能上传jpg/png文件,且不超过500kb</div>
      </el-upload>
      <script>
        export default {
          data() {
            return {
              fileList: [{name: 'food.jpeg', url: 'https://fuss10.elemecdn.com/3/63/4e7f3a15429bfda99bce42a18cdd1jpeg.jpeg?imageMogr2/thumbnail/360x360/format/webp/quality/100'}, {name: 'food2.jpeg', url: 'https://fuss10.elemecdn.com/3/63/4e7f3a15429bfda99bce42a18cdd1jpeg.jpeg?imageMogr2/thumbnail/360x360/format/webp/quality/100'}]
            };
          },
          methods: {
            submitUpload() {
              this.$refs.upload.submit();
            },
            handleRemove(file, fileList) {
              console.log(file, fileList);
            },
            handlePreview(file) {
              console.log(file);
            }
          }
        }
      </script>
      
    9. Attribute
      在这里插入图片描述
      在这里插入图片描述
      在这里插入图片描述

    10. Slot
      在这里插入图片描述

    11. Methods
      在这里插入图片描述

    展开全文
  • npm install vue-image-crop-upload npm install –save-dev babel-polyfill <template> <div id="app"> <button class="btn" @click="toggleShow">设置头像</button> <my-upload @...
    npm install vue-image-crop-upload
    npm install –save-dev babel-polyfill
    
    <template>
      <div id="app">
        <button class="btn" @click="toggleShow">设置头像</button>
        <my-upload
        @crop-success="cropSuccess"
        @crop-upload-success="cropUploadSuccess"
        @crop-upload-fail="cropUploadFail"
        v-model="show"
        :width="200"
        :height="200"
        img-format="png"
        :size="size"
        langType='zh'
        :noRotate='false'
        field="Avatar1"
        url="https://httpbin.org/post"></my-upload>
        <img :src="imgDataUrl">
      </div>
    </template>
    
    <script>
      import 'babel-polyfill'; // es6 shim
      import myUpload from 'vue-image-crop-upload';
      export default {
        data() {
          return {
            imgDataUrl: "",
            show: false,
            size:2.1
          }
        },
        components: {
          "my-upload": myUpload
        },
        methods: {
            toggleShow() {
                this.show = !this.show;
            },
            cropSuccess(imgDataUrl, field) {
                console.log('-------- crop success --------',imgDataUrl, field);
            },
            //上传成功回调
            cropUploadSuccess(jsonData, field){
                console.log('-------- upload success --------');
                this.imgDataUrl = jsonData.files.Avatar1;
                console.log(jsonData);
                console.log('field: ' + field);
            },
            //上传失败回调
            cropUploadFail(status, field){
                console.log('-------- upload fail --------');
                console.log('上传失败状态'+ status);
                console.log('field: ' + field);
            }
        }
     
      }
    </script>
    

    具体使用可以参考官方文档https://github.com/dai-siki/vue-image-crop-upload

    展开全文
  • upload

    2016-10-08 14:17:20
    //上传  public static String uploadFile(MultipartFile formFile) throws FileNotFoundException,  IOException {  Properties p = Utils.getProp();  // 如果目录不存在,
  • 反序列化(强网杯2019—UPLOAD

    千次阅读 2019-05-29 15:26:50
    反序列化(强网杯2019—UPLOAD) 前言 这里主要是复现一下强网杯2019web的第一题,UPLOAD。这是一道反序列化的题,反正我觉得挺难的,当时已经锁定了反序列化的方向也没能完成… 感谢大佬提供的复现环境:...
  • upload()方法

    千次阅读 2017-07-29 12:11:47
    private void upLoad() { // Bitmap bitmap; // Bitmap bmpCompressed; // for (int i = 0; i () - 1; i++) { // bitmap = BitmapFactory.decodeFile(list.get(i)); //
  • Upload

    2019-03-18 21:10:17
    6 唯一需要注意的是1.2.3.4是有先后顺序的。考虑把(ai, bi)看做一条边,于是一个n个点的连通块最多只能连n条边,如果顺序是1.3.2.4那么是显然的并查集。但是1.2.3.4的话我们就需要确认每个点到底有没有被用。...
  • AjaxUpLoad.js使用实现文件上传

    万次阅读 2012-11-03 21:50:33
    AjaxUpLoad.js的使用实现无刷新文件上传,如图。 图1 文件上传前 图2 文件上传后 1、创建页面并编写HTML 上传文档: <div class="uploadFile"> <span id="doc"><input type="text" disabled...
  • jquery file upload示例

    万次阅读 2018-02-05 13:50:42
    jquery file uplaod示例
  • Django自定义图片和文件上传路径(upload_to)的2种方式

    万次阅读 多人点赞 2018-06-20 21:43:21
    最近在做一个仿知乎网站的项目了,里面涉及很多图片和文件...Django模型中的ImageField和FileField的upload_to选项是必填项,其存储路径是相对于MEIDA_ROOT而来的。 我们来看一个简单案例(如下所示)。如果你的ME...
  • Vue.js iView Upload上传和展示

    万次阅读 2018-02-10 10:47:24
    公司项目业务业务需求需要一个能够上传图片附件的功能,发现iView官方有个组件Upload,展示使用方法以及后续的过程。&lt;div class="pic_upload"&gt; &lt;Upload ref="upload" ...
  • 这是作者的系列网络安全自学教程,主要是关于安全工具和实践...本篇文章将详细讲解Upload-labs靶场及文件上传漏洞10道CTF题目,并结合Caidao工具介绍拿站的流程及防御原理。如果文章对您有帮助,将是我创作的最大动力。
  • 深究WS_UPLOAD和GUI_UPLOAD

    千次阅读 2008-10-27 08:11:00
    今天看了下紫光的运维程序,又看到了WS_UPLOAD这个函数,想到还看过一个类cl_gui_frontend_services,它里面也有一些静态方法可以上传文件。今天就研究了下他们之间的区别还有类cl_gui_frontend_services。总结如下...
  • antd Upload 文件上传

    万次阅读 2018-10-11 16:14:40
    1.antd官网Upload组件: https://ant.design/components/upload-cn/ 2.下图是最近开发的上传文档的效果:   3.文件上传的实现: (1)方法一:antd默认上传。 a:渲染文件上传组件。getPDFURL()方法为...
  • 使用 Jquery AjaxUpload 上传图片

    千次阅读 2018-08-14 12:56:58
    来源:http://www.cnblogs.com/hxling/archive/2010/07/05/1771320.html 本次使用AJAXUPLOAD做为上传客户端无刷上传插件,其最新版本为
  • iview Upload组件的坑

    千次阅读 2019-07-08 09:26:00
    iview Upload 上传显示进度条的坑 直接先来光放代码 上官方文档 demo 代码 <template> <div class="demo-upload-list" v-for="item in uploadList"> <template v-if="item.status === 'finished'...
  • Nginx和nginx-upload-module安装

    千次阅读 2019-03-17 18:06:15
    Nginx用于提供高性能的web服务和反向代理服务,支持Linux和Windows。靖哥哥也是刚开始接触Nginx,这里主要记录一下Nginx环境搭建的爬坑过程。 ...当然,既然你搜到了这篇文章(靖哥哥的初wen),相信这些知识对你来讲...
  • element-ui upload上传技巧

    万次阅读 热门讨论 2018-09-28 10:26:49
    本文章应用场景是: 前端使用的是vue.js和element-ui。 上传是包含在一个表单...而且element-ui的upload组件上传的路径跟表单保存的路径是不一样的。具体看代码。  &lt;!-- 新增弹窗--&gt; &lt...
  • SFTP & FTP Upload

    千次阅读 2014-08-07 15:06:20
    SFTP & FTP Upload

空空如也

1 2 3 4 5 ... 20
收藏数 527,575
精华内容 211,030
关键字:

upload