<?php
/**
 * Created by cracer
 * Date: 15-10-7
 * Time: 下午1:19
 * Name: upload1.php
 * cracer：http://www.cracer.com/
 */
//文件上傳漏洞演示腳本之js驗證
$uploaddir = 'uploads/';
if (isset($_POST['submit'])) {
 if (file_exists($uploaddir)) {
 if (move_uploaded_file($_FILES['upfile']['tmp_name'], $uploaddir . '/' . $_FILES['upfile']['name'])) {
 echo '文件上傳成功，保存于：' . $uploaddir . $_FILES['upfile']['name'] . "\n";
 }
 } else {
 exit($uploaddir . '文件夾不存在,請手工創建！');
 }
 //print_r($_FILES);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
 <meta http-equiv="Content-Type" content="text/html;charset=gbk"/>
 <meta http-equiv="content-language" content="zh-CN"/>
 <title>文件上傳漏洞演示腳本--JS驗證實例</title>
 <script type="text/javascript">
 function checkFile() {
 var file = document.getElementsByName('upfile')[0].value;
 if (file == null || file == "") {
 alert("你還沒有選擇任何文件，不能上傳!");
 return false;
 }
 //定義允許上傳的文件類型
 var allow_ext = ".jpg|.jpeg|.png|.gif|.bmp|";
 //提取上傳文件的類型
 var ext_name = file.substring(file.lastIndexOf("."));
 //alert(ext_name);
 //alert(ext_name + "|");
 //判斷上傳文件類型是否允許上傳
 if (allow_ext.indexOf(ext_name + "|") == -1) {
 var errMsg = "該文件不允許上傳，請上傳" + allow_ext + "類型的文件,當前文件類型為：" + ext_name;
 alert(errMsg);
 return false;
 }
 }
 </script>
<body>
<h3>文件上傳漏洞演示腳本--JS驗證實例</h3>
<form action="" method="post" enctype="multipart/form-data" name="upload" onsubmit="return checkFile()">
 <input type="hidden" name="MAX_FILE_SIZE" value="204800"/>
 請選擇要上傳的文件：<input type="file" name="upfile"/>
 <input type="submit" name="submit" value="上傳"/>
</form>
</body>
</html>