[WEB] File Upload Bypass

노션으로 옮김 · March 12, 2020

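File Upload Bypass

  • MIME type bypass
  • File name case bypass
  • Appended-extension bypass
    • xxx.txt.php
  • Null injection bypass
    • xxx.jpg\0.php
  • Using other extensions such as php3
  • .htaccess manipulation
    • Changing which extensions are recognized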
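
A server-side check that closes each bypass in the list above, as an added example that is not part of the original post. The function name `stored_name_or_null`, the `ALLOWED` allowlist and the sample inputs are assumptions made for illustration; it needs PHP 7.1+ with the fileinfo extension.

```php
<?php
// Added example: checks an upload against each bypass in the list above.
// Function name, allowlist and sample inputs are constructed for illustration.
const ALLOWED = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

function stored_name_or_null(string $clientName, string $bytes): ?string
{
    // Null injection (xxx.jpg\0.php): refuse any control byte in the name.
    if (preg_match('/[\x00-\x1f\x7f]/', $clientName)) {
        return null;
    }
    // Drop any client-supplied path, then normalise case (xxx.PhP).
    $name = strtolower(basename(str_replace('\\', '/', $clientName)));
    // Require exactly one dot with a non-empty stem: rejects xxx.txt.php,
    // extension-less names and dotfiles such as .htaccess.
    $parts = explode('.', $name);
    if (count($parts) !== 2 || $parts[0] === '') {
        return null;
    }
    // Allowlist, not blocklist: php3, phtml and the like never need listing.
    $ext = $parts[1];
    if (!array_key_exists($ext, ALLOWED)) {
        return null;
    }
    // MIME bypass: ignore the client's Content-Type and sniff the bytes.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($mime !== ALLOWED[$ext]) {
        return null;
    }
    // The server picks the stored name; the client's name is never reused.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed samples: a PNG signature plus IHDR header, and a PHP script.
$png = "\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR\x00\x00\x00\x01\x00\x00\x00\x01\x08\x02\x00\x00\x00";
$php = '<?php phpinfo(); ?>';
$cases = [
    ['photo.png', $png], ['photo.PNG', $png], ['shell.PhP', $php],
    ['xxx.txt.php', $php], ["xxx.jpg\0.php", $php], ['shell.php3', $php],
    ['.htaccess', 'AddType application/x-httpd-php .jpg'], ['shell.png', $php],
];
foreach ($cases as [$name, $bytes]) {
    $verdict = stored_name_or_null($name, $bytes) === null ? 'rejected' : 'accepted';
    printf("%-16s %s\n", addcslashes($name, "\0"), $verdict);
}
```

Store accepted files outside the document root, or in a directory where script handlers are disabled and `.htaccess` overrides are off (`AllowOverride None`), so that a file that slips through is served as data rather than executed.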

PHP.ini configuration

PHP | php.ini File Configuration

During PHP installation, php.ini is provided as the default configuration file. It is an essential configuration file that controls what a user can or cannot do with the website. Each time PHP is initialized, the system reads php.ini. When you need to change PHP's behavior at runtime, this is the file to use.

Settings for registering global variables, the maximum upload size, error display and logging, resource limits, the maximum execution time of a PHP script and others are written in the file as a set of directives.

Note: Whenever changes are made to the file, you need to restart the web server.

To check the file path, use the following program:

```php
<?php phpinfo(); // output includes the "Loaded Configuration File" path ?>
```

Note: Keys in the file are case-sensitive, keyword values are not; whitespace and lines starting with a semicolon are ignored. The file is well commented. Boolean values are represented by On/Off, 1/0, True/False, Yes/No.

The file contains a set of directives, each with a value assigned to it. A value can be a string, a number, a PHP constant, an INI constant, an expression, a quoted string or a reference to a previously set variable. Expressions in the INI file are limited to bitwise operators and parentheses. Settings given for a particular hostname apply to that host only.

Environment variables of the php.ini file:

  • memory_limit: This setting sets the maximum amount of memory a script can consume.

Important settings or common parameters of the php.ini file:

  1. enable_safe_mode = on: The default is ON whenever PHP is compiled. Safe mode is most relevant to CGI use.
  2. register_globals = on: The default is ON, which means that the contents of the EGPCS (Environment, GET, POST, Cookie, Server) variables are registered as global variables. Because this is a security risk, make sure it is set to OFF for all scripts.
  3. upload_max_filesize: The maximum allowed size for files uploaded through scripts.
  4. upload_tmp_dir = [DIR]: Don't uncomment this setting.
  5. post_max_size: The maximum allowed size of POST data that PHP will accept.
  6. display_errors = off: With this setting, errors are not shown while the PHP project runs on the specified host.
  7. error_reporting = E_ALL & ~E_NOTICE: The default value is E_ALL & ~E_NOTICE, which shows all errors except notices.
  8. error_prepend_string = [""]: This setting allows you to give messages a different color.
  9. max_execution_time = 30: The maximum execution time, in seconds, for any script; it limits script run time on production servers.
  10. short_open_tag = Off: To use XML functions, this option has to be set to Off.
  11. session.save_handler = files: You don't need to change anything in this setting.
  12. variables_order = EGPCS: Sets the order of variables as Environment, GET, POST, COOKIE, SERVER. The developer can change the order as needed.
  13. warn_plus_overloading = Off: This setting issues a warning if + is used with strings, as in a form value.
  14. gpc_order = GPC: This setting has been deprecated.
  15. magic_quotes_gpc = on: This setting matters when many forms are used that submit to themselves or to other forms and display form values.
  16. magic_quotes_runtime = Off: If magic_quotes_sybase is set to On, this must be Off. This setting escapes quotes.
  17. magic_quotes_sybase = Off: If this setting is set to off it should be off. This setting escapes quotes.
  18. auto_prepend_file = [filepath]: Use this setting when a file needs to be automatically include()d at the beginning of every PHP file.
  19. auto_append_file = [filepath]: Use this setting when a file needs to be automatically include()d at the end of every PHP file.
  20. include_path = [DIR]: Use this setting when files need to be required from the specified directories. Multiple directories are separated by colons.
  21. ignore_user_abort = [On/Off]: This setting controls what happens when the user clicks a stop button. The default value is on. This setting doesn't work in CGI mode; it works only in module mode.
  22. doc_root = [DIR]: Use this setting to apply PHP to only a portion of the website.
  23. file_uploads = [on/off]: Set this flag to ON if the PHP code includes file uploads.
  24. mysql.default_host = hostname: The MySQL server host to connect to if no other host is specified.
  25. mysql.default_user = username: The MySQL username to connect with if no other name is specified.
  26. mysql.default_password = password: The MySQL password to connect with if no other password is specified.
