1. Install the phpstudy environment, put the upload-labs files into the PHP web root, and open it in the browser as shown in the figure below:
2. Start BurpSuite with its default proxy listener 127.0.0.1:8080 and, on the Intercept tab, switch on request interception ("Intercept is on").
3. Point the Chrome browser proxy at 127.0.0.1:8080; here I use the SwitchyOmega extension to switch proxies quickly.
4. Select phpinfo.php again and upload it; BurpSuite intercepts the file-upload request. In the intercepted request change content-type: application/octet-stream to content-type: image/jpeg, click Forward, and then look at the upload page: the file has been uploaded successfully.
5. Take a look at the source code of the MIME check.
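To show why the rewrite in step 4 works, here is the style of check it defeats next to a server-side one. This is an added example, not upload-labs' own source; the function names and the temp-file sample are assumptions.

```php
<?php
// Added example, not upload-labs' own code.

// Weak: $_FILES['file']['type'] is copied straight from the request's
// Content-Type header, which the client (or an intercepting proxy) sets freely.
function weakMimeCheck(array $file): bool
{
    return in_array($file['type'], ['image/jpeg', 'image/png', 'image/gif'], true);
}

// Hardened: sniff the stored bytes with finfo instead of trusting the header,
// and also allow-list the extension so a .php file is never written to the web root.
function strongUploadCheck(array $file): bool
{
    $allowedMime = ['image/jpeg', 'image/png', 'image/gif'];
    $allowedExt  = ['jpg', 'jpeg', 'png', 'gif'];

    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return false;
    }

    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $real  = finfo_file($finfo, $file['tmp_name']);
    finfo_close($finfo);

    return in_array($real, $allowedMime, true);
}

// Constructed sample: the phpinfo.php upload with the Content-Type rewritten
// to image/jpeg, as in step 4. tmp_name is a throwaway file created here.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "<?php phpinfo(); ?>\n");
$forged = [
    'name'     => 'phpinfo.php',
    'type'     => 'image/jpeg',   // header value after the proxy rewrite
    'tmp_name' => $tmp,
    'error'    => UPLOAD_ERR_OK,
];

echo 'weak check accepts:   ', var_export(weakMimeCheck($forged), true), PHP_EOL;
echo 'strong check accepts: ', var_export(strongUploadCheck($forged), true), PHP_EOL;
unlink($tmp);
```

The weak check has no server-side signal to work with, so the same forged header that passes it in Burp passes it here; the hardened check rejects the file on both the extension and the sniffed type.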
File extensions and their corresponding MIME types, useful for file upload and download
Extension MIME type
.doc application/msword
.dot application/msword
.docx application/vnd.openxmlformats-officedocument.wordprocessingml.document
.dotx application/vnd.openxmlformats-officedocument.wordprocessingml.template
.docm application/vnd.ms-word.document.macroEnabled.12
.dotm application/vnd.ms-word.template.macroEnabled.12
.xls application/vnd.ms-excel
.xlt application/vnd.ms-excel
.xla application/vnd.ms-excel
.xlsx application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
.xltx application/vnd.openxmlformats-officedocument.spreadsheetml.template
.xlsm application/vnd.ms-excel.sheet.macroEnabled.12
.xltm application/vnd.ms-excel.template.macroEnabled.12
.xlam application/vnd.ms-excel.addin.macroEnabled.12
.xlsb application/vnd.ms-excel.sheet.binary.macroEnabled.12
.ppt application/vnd.ms-powerpoint
.pot application/vnd.ms-powerpoint
.pps application/vnd.ms-powerpoint
.ppa application/vnd.ms-powerpoint
.pptx application/vnd.openxmlformats-officedocument.presentationml.presentation
.potx application/vnd.openxmlformats-officedocument.presentationml.template
.ppsx application/vnd.openxmlformats-officedocument.presentationml.slideshow
.ppam application/vnd.ms-powerpoint.addin.macroEnabled.12
.pptm application/vnd.ms-powerpoint.presentation.macroEnabled.12
.potm application/vnd.ms-powerpoint.template.macroEnabled.12
.ppsm application/vnd.ms-powerpoint.slideshow.macroEnabled.12