12.
?>
13.
……
14.
<form
method
=
"post"
enctype
=
"multipart/form-data"
name
=
"form1"
>
15.
<input
type
=
"file"
name
=
"file1"
/><br
/>
16.
<input
type
=
"submit"
value
=
"上传文件"
/>
17.
<input
type
=
"hidden"
name
=
"MAX_FILE_SIZE"
value
=
"1024"
/>
18.
</< span>form>
这个例子没有检验文件后缀,可以上传任意文件,很明显的上传漏洞