
?>
……
<form method="post" enctype="multipart/form-data" name="form1">
<input type="file" name="file1" /><br />
<input type="submit" value="上传文件" />
<input type="hidden" name="MAX_FILE_SIZE" value="1024" />
</form>

This example does not validate the file extension, so any file can be uploaded: an obvious upload vulnerability.
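For contrast, a hardened server-side handler for the `file1` field of the form above, added here as an example and not taken from the original page. The extension allowlist, the storage directory and the function name `safe_upload_name` are assumptions made for illustration, and the code assumes PHP's fileinfo extension is enabled.

```php
<?php
// Added example, not the page's code. The allowlist, size cap and storage
// directory are illustrative assumptions; requires the fileinfo extension.
const ALLOWED = [            // permitted extension => expected MIME type
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
];
const MAX_BYTES  = 1024;               // same limit as the form's MAX_FILE_SIZE, enforced server-side
const UPLOAD_DIR = '/var/www/uploads'; // assumed path; scripts must not be executable from it

/**
 * Returns a server-generated file name for an accepted upload, or null to reject.
 * $file is one entry of $_FILES, e.g. $_FILES['file1'].
 */
function safe_upload_name(array $file): ?string
{
    // Strict comparison also rejects array-valued entries (file1[] style uploads).
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    if ($file['size'] > MAX_BYTES || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Only the final extension of the client-supplied name counts, lower-cased.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return null;
    }
    // Derive the content type from the bytes, not from the client-sent $file['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        return null;
    }
    // The client file name is never reused on disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['file1'])) {
    $name = safe_upload_name($_FILES['file1']);
    if ($name === null
        || !move_uploaded_file($_FILES['file1']['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        http_response_code(400);
        exit('Upload rejected');
    }
    echo 'Stored as ' . htmlspecialchars($name);
}
```

The hidden `MAX_FILE_SIZE` field in the form is only a hint to the browser and PHP's upload parser, so the size limit is checked again on the server here.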