Home > Enterprise >  i just need to stop people from uploading php extension files how?
i just need to stop people from uploading php extension files how?

Time:10-06

I have this code for upload images , When i try to use burpsuite to see what happens , i can see response from this code showing the location of folder where its uploaded , how i can hide this from the response , so the customer cant see where is the files been uploaded in the server, also how i can fix , stop the upload php files ? when i change the method to . Content-Type: php/image , the file is uploaded with end of .php is there any fix for this code?

thanks!

 <?php
    ini_set('display_errors', 0);
    ini_set('error_reporting',0);
    include "query_requests.php";

    function dd($data)
    {
        var_dump($data);
        die();
    }
    


    $target_dir = "uploads2/";
    $target_file = $target_dir . basename($_FILES["uploadfile"]["name"]);
    $id = $_GET['id'];
    $imgName=$id.".".explode('/',$_FILES['uploadfile']["type"])[1];
    $imgID = $_GET['imgID'];
    $_SESSION['imgext']=explode('/',$_FILES['uploadfile']["type"])[1];
    $imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));
    $target_file = $target_dir . $id."_pic".".".explode('/',$_FILES['uploadfile']["type"])[1];

    if(file_exists($target_file)) {
        chmod($target_file,0755); //Change the file permissions if allowed
        unlink($target_file); //remove the file
    }
    $uploadOk = 1;
    if (isset($_POST["submit"])) {
        $check = getimagesize($_FILES["uploadfile"]["tmp_name"]);
        if ($check !== false) {
            echo "File is an image - " . $check["mime"] . ".";
            $uploadOk = 1;
        } else {
            echo "File is not an image.";
            $uploadOk = 0;
        }
    }

    $size = $_FILES["uploadfile"]["size"];

    if( strcmp($imageFileType,"jpg") == 0  || strcmp($imageFileType,"png") == 0 || strcmp($imageFileType,"jpeg") == 0){


    } else{
        exit(json_encode(array('success' => false, 'msg' => "", 'ext' =>
$imageFileType, 'size' => $size)));

    }
    if ($uploadOk == 0) {
        echo "Sorry, your file was not uploaded.";

    } else {

        $imagetype = $_FILES['uploadfile']["type"];

        if (move_uploaded_file($_FILES["uploadfile"]["tmp_name"], $target_file)) {
            $path = realpath($target_file);
            $curl = curl_init();
   
            curl_setopt_array($curl, array(
                CURLOPT_URL => 'http://',
                CURLOPT_RETURNTRANSFER => true,
                CURLOPT_ENCODING => '',
                CURLOPT_MAXREDIRS => 10,
                CURLOPT_TIMEOUT => 0,
                CURLOPT_FOLLOWLOCATION => true,
                CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
                CURLOPT_CUSTOMREQUEST => 'POST',
                CURLOPT_HTTPHEADER => array(''),
                CURLOPT_POSTFIELDS => array('Image' => new CURLFile($path, $_FILES['uploadfile']["type"], $imgName)),

            ));


            $response = curl_exec($curl);
            $resDec=json_decode($response,1);
            $ident='';
            if($resDec['responseCode']==0){
                $ident=str_replace(' ','',$resDec['results']['id']);
                $ident=trim($ident);
            }

            $imageType=$_FILES["uploadfile"]["type"];
            $condition = " random_id=:random_id ";
            $bind = array('random_id' =>$_GET['id']);

            $identity = findFirst('idintities', $condition, $bind)->fetch();
            if($identity){
                update(array('random_id'=>$id,'json_info'=>$response,'id_num'=>$ident,'img_ext'=>$imageType),$condition,$bind,'idintities');

            }else{
                insertRequest(array('random_id'=>$id,'json_info'=>$response,'id_num'=>$ident,'img_ext'=>$imageType),'idintities');

            }

            $validId = $imgID == $ident ? 1: 0;

      echo json_encode(array('success' => true, 'size' => $size, 'target' => $target_file, 'validId' => $validId, 'info' => $resDec));

        } else {
        
            exit(json_encode(array('success' => false, 'msg' => "\"Sorry, there was an error uploading your file.", 'size' => $size)));


        }

    }
?> 

code part of html to upload file image ,

 (progressBar = document.getElementById("progressBar")), (progressOuter = document.getElementById("progressOuter")), (msgBox = document.getElementById("msgBox"));
            var identValid = true;
            var btn = document.getElementById("uploadBtn");
            var uploader = new ss.SimpleUpload({
                button: btn,
                url: "upload.php?id=",
                name: "uploadfile",
                multipart: true,
                hoverClass: "hover",
                focusClass: "focus",
                responseType: "json",
                startXHR: function () {
                    progressOuter.style.display = "block";
                    this.setProgressBar(progressBar);
                },

CodePudding user response:

Here's how you can add the check into your code:

$uploadOk = 1;
if (isset($_POST["submit"])) {
    $check = getimagesize($_FILES["uploadfile"]["tmp_name"]);
    if ($check !== false) {
        echo "File is an image - " . $check["mime"] . ".";
        $uploadOk = 1;
    } else {
        echo "File is not an image.";
        $uploadOk = 0;
    }
    $filename = $_FILES['video_file']['name'];
    $ext = pathinfo($filename, PATHINFO_EXTENSION);
    if ($ext == 'php') {
        echo 'error: You should not upload PHP files.';
        $uploadOk = 0;
    }
}

Please note that this code only looks at the extension of the file that was uploaded. Extensions can be changed, so they don't necessarily reflect the content of the file.

CodePudding user response:

You have so many issues with your code I do not know where to begin.
And you need to clarify what it is you are trying to do

You should show your upload HTML.

The following is an app where the user uploads an image, the image is converted to a webp image and transmitted to a PHP script and saved as a .webp image.

The HTML

<form action="upload.php" method="post" enctype="multipart/form-data">
Upload an Image from your device <br>
<input type="file" name="image1[]" multiple accept="image/png, image/jpeg, image/gif, image/webp" /><br>
<button type="submit">Upload Image(s)</button>

The upload.php

if( is_uploaded_file($_FILES['image1']['tmp_name']) || !($_FILES['image1']['error'] !== UPLOAD_ERR_OK)){

  $save = false;
  switch(strtolower($_FILES['image1']['type'])){
  case 'image/jpeg':
    $image = @imagecreatefromjpeg($_FILES['image1']['tmp_name']);
    if ($image !== false){$save = true;break;}
  case 'image/png':
    $image = @imagecreatefrompng($_FILES['image1']['tmp_name']);
    if ($image !== false){$save = true;break;}
  case 'image/gif':
    $image = @imagecreatefromgif($_FILES['image1']['tmp_name']);
    if ($image !== false){$save = true;break;}
  case 'image/webp':
    $image = @imagecreatefromwebp($_FILES['image1']['tmp_name']);
    if ($image !== false){$save = true;break;}
  default:
    $img = @getimagesize($_FILES['image1']['tmp_name']);
    switch(strtolower($img['mime'])){
    case 'image/jpeg':
      $image = @imagecreatefromjpeg($_FILES['image1']['tmp_name']);
      if ($image !== false){$save = true;break;}
    case 'image/png':
      $image = @imagecreatefrompng($_FILES['image1']['tmp_name']);
      if ($image !== false){$save = true;break;}
    case 'image/gif':
      $image = @imagecreatefromgif($_FILES['image1']['tmp_name']);
      if ($image !== false){$save = true;break;}
    default:
      $filename = $_FILES['image1']['name'];
      $ext = substr($filename,-3);
      switch(strtolower($ext)){
      case 'jpg':
        $image = @imagecreatefromjpeg($_FILES['image1']['tmp_name']);
        if ($image !== false){$save = true;break;}
      case 'ebp':
        $image = @imagecreatefromwebp($_FILES['image1']['tmp_name']);
        if ($image !== false){$save = true;break;}
      case 'gif':
        $image = @imagecreatefromgif($_FILES['image1']['tmp_name']);
        if ($image !== false){$save = true;break;}
      case 'png':
        $image = @imagecreatefrompng($_FILES['image1']['tmp_name']);
        if ($image !== false){$save = true;break;}
      default:
        $image = @imagecreatefromjpeg($_FILES['image1']['tmp_name']);
        if ($image !== false){$save = true;break;}
        $image = @imagecreatefrompng($_FILES['image1']['tmp_name']);
        if ($image !== false){$save = true;break;}
        $image = @imagecreatefromgif($_FILES['image1']['tmp_name']);
        if ($image !== false){$save = true;break;}
      }
    }
    if($save){imagewebp($image, $filename,70);}
    $post= base64_encode($image);
    $curl = curl_init($url);
    $request = array();
    $request[] = "Content-Type: text/plain" ;
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $request);
    curl_setopt($ch, CURLOPT_ENCODING,"");

    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_TIMEOUT,10);
    curl_setopt($ch, CURLOPT_FAILONERROR,true);
    curl_setopt($ch, CURLOPT_ENCODING,"");

    $response = curl_exec($ch);
    echo $response;

The receiving script ($url)

$base64 = file_get_contents('php://input');
$image = base64_decode($base64);
$filename = 'image.webp';
file_put_contents($filename,$image)
  • Related