Avatar Uploader
作者:互联网
Avatar Uploader
0x01关键代码
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$type = finfo_file($finfo, $_FILES['file']['tmp_name']);
finfo_close($finfo);
if (!in_array($type, ['image/png'])) {
error('Uploaded file is not PNG format.');
}
$size = getimagesize($_FILES['file']['tmp_name']);
if ($size[0] > 256 || $size[1] > 256) {
error('Uploaded image is too large.');
}
if ($size[2] !== IMAGETYPE_PNG) {
// I hope this never happens...
error('What happened...? OK, the flag for part 1 is: <code>' . getenv('FLAG1') . '</code>');
}
函数
finfo_file()
其可以识别PNG文件十六进制的第一行信息,破坏掉文件长宽等其余信息,也就可以绕过
getimagesize()
函数的检验
当返回的类型不为png时给出flag
标签:...,Uploader,Avatar,file,error,finfo,PNG,size 来源: https://www.cnblogs.com/da-wn/p/15364425.html