当前位置：网站首页>File download vulnerability & file read vulnerability & file delete vulnerability

File download vulnerability & file read vulnerability & file delete vulnerability

2022-06-22 13:14:00 【Boring knowledge】

File download

Insert picture description here

File download vulnerability

What is file download vulnerability

First, the file download vulnerability , In fact, the website platform provides the function of downloading files , There is no restriction on the download of this website on the website platform , Then some indiscriminate molecules will take advantage of this shortcoming to download some sensitive files and some important files

There are two formats for file downloading

 Direct download 【 There is no loophole 】
www.baidu.com/1.zip


 Analytic Download 【 There may be loopholes 】
www.baidu.com?file=1.zip

explain

 Direct download ：

                 The connection is 
         1.zip-------------www.baidu.com/1.zip
         
                 The connection is 
         2.zip-------------www.baidu.com/2.zip




 Download ：


                                             /1.zip
                                            /
                                           /
                     www.baidu.com?file=   ——————2.zip
                                           \
                                            \ 
                                             \3.zip

                     
                     www.baidu.com?file=     It's like a robot that gives you what you want 
                     
                      I want to 1.zip
                     www.baidu.com?file=1.zip
                      I want to 2.zip
                     www.baidu.com?file=2.zip
                      I want to 3.zip
                     www.baidu.com?file=3.zip
                     
                     
                      He will help you find whatever you ask him for , That's what it means 
                      If he didn't 1.zip  Then he'll return it to you

Causes of loopholes ：

There are functions to read files
The path to read the file is controllable by the user and is not verified or the verification is not strict
Output file content

Loophole damage ：

Download any file from the server , Such as script code 、 Service and system configuration files, etc , Further use the obtained information for greater harm .
Further code auditing can be done with the available code , Get more exploitable

Case study

http://67.202.70.133/files/readfile.php?file=…/configurtion.php

http://67.202.70.133/

File read vulnerability

File read function

fopen
file_get_contents
fread
fgets
fgetss
file
fpassthru
parse_ini_file
readfile

<?php
    $filename = $_GET['file'];
    if(isset($filename)) {
    
        readfile($filename);
    }

File deletion vulnerability

<?php
    header("Content-Type:text/html;charset=utf-8");
    $filename = $_GET['file'];
    if(file_exists($filename)){
    
        unlink($filename);
        echo "<script>alert(' Delete successful ')</script>";
    }else{
    
        echo "<script>alert(' Delete failed ')</script>";
    }