A Summary of File-Upload Challenges in CTFs

Source: Internet. Editor: 程序博客网. Time: 2024/06/03 18:12
0x00 Preface

CTFs nearly always contain a few file-upload challenges, and these are the easiest to organise because there are not many variations (at least so far I have not found many techniques...), so I will start by summarising this topic.


0x01 The main file-upload bypass techniques:

A: Validation in front-end JS. Nothing to say here: edit the JS in Firebug and the check is bypassed.
B: Bypassing checks on the file extension. The main techniques are: mixing upper and lower case in the extension, appending a space or a dot, using alternative extensions such as php3, php4 or php5 in the case of PHP, and %00 truncation is also worth considering. These bypasses rely on the difference between blacklists and whitelists, so first test whether the system uses a whitelist or a blacklist.
C: Detection based on file type: the Content-Type header
D: Filtering based on the file header (magic bytes)
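The server-side counterpart of points B and C above, as an added Python example that is not part of the original post: a filename check that survives the listed tricks (mixed case, trailing dot or space, php3/php4/php5, %00 truncation, the IIS 6.0 semicolon and the Apache double extension). The whitelist, the executable-extension set and the helper names are assumptions chosen for the example.

```python
import secrets
from urllib.parse import unquote

# Assumed whitelist of extensions the application is willing to store.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}

# Assumed set of parts that a server-side interpreter or middleware would
# execute (php3/php4/php5, asp/asa/cer/cdx and friends). Every dot-separated
# part after the base name is checked against it, not only the last one.
EXECUTABLE_PARTS = {
    "php", "php3", "php4", "php5", "phtml",
    "asp", "asa", "cer", "cdx", "aspx", "jsp",
}


def check_upload_name(raw_name: str):
    """Return (accepted, reason_or_extension) for a client-supplied name."""
    name = unquote(raw_name)  # %00 and similar are decoded before checking
    # 1. %00 truncation: a null byte must never reach the filesystem API.
    if "\x00" in name:
        return False, "null byte in filename"
    # 2. Path separators (directory tricks) and the IIS 6.0 "sp.asp;.jpg" form.
    if any(ch in name for ch in "/\\;"):
        return False, "path separator or ';' in filename"
    # 3. Windows drops trailing dots and spaces when creating the file, so
    #    "shell.php ." ends up as "shell.php"; normalise the same way first.
    name = name.rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "no extension"
    # 4. Apache multi-extension (1.php.rar) and asp.jpg style names:
    #    reject if any part after the base name is executable.
    if any(p in EXECUTABLE_PARTS for p in parts[1:]):
        return False, "executable extension present"
    ext = parts[-1]
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension '{ext}' not in whitelist"
    return True, ext


def stored_name(ext: str) -> str:
    """Never reuse the client's name: random base plus whitelisted extension."""
    return f"{secrets.token_hex(16)}.{ext}"
```

Rejecting the name is only half of the defence; the stored file should also be served from a location where the web server does not execute scripts.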


0x02 Points that are combined with the checks:

Whitelist: control the upload directory and combine it with a parsing vulnerability. IIS 6.0: 1.asp/xxx.xxxx, 1.asp;.xxx, and the asa and cer extensions; IIS 7.5 / nginx < 0.8 (php.cgi); Apache: 1.php.rar.
Blacklist: any type that is not on the blacklist can be used.

0x03 The combination with file inclusion mainly relies on the middleware's parsing vulnerabilities:

The main middleware parsing vulnerabilities are:
A: IIS 6.0 has two exploitation methods
1. Directory parsing
/xx.asp/xx.jpg

2. File parsing
sp.asp;.jpg

First method: create a folder named .asp or .asa under the website; a file with any extension inside that directory is parsed and executed by IIS as an ASP file.
For example, create the directory sp.asp; then /sp.asp/1.jpg is executed as ASP. If the attacker can control the upload folder path, a shell can be obtained whether or not the uploaded image is renamed.
Second method: under IIS 6.0, whatever follows a semicolon is not parsed, so sp.asp;.jpg is seen by the server as sp.asp.
In addition, IIS 6.0's default executable files include, besides asp, these three:
/sp.asa, /sp.cer, /sp.cdx


Appendix: HTTP Content-Type table: http://tool.oschina.net/commons





File extension  Content-Type (MIME type) | File extension  Content-Type (MIME type)
.* (binary stream, unknown download type) application/octet-stream | .tif image/tiff
.001 application/x-001 | .301 application/x-301
.323 text/h323 | .906 application/x-906
.907 drawing/907 | .a11 application/x-a11
.acp audio/x-mei-aac | .ai application/postscript
.aif audio/aiff | .aifc audio/aiff
.aiff audio/aiff | .anv application/x-anv
.asa text/asa | .asf video/x-ms-asf
.asp text/asp | .asx video/x-ms-asf
.au audio/basic | .avi video/avi
.awf application/vnd.adobe.workflow | .biz text/xml
.bmp application/x-bmp | .bot application/x-bot
.c4t application/x-c4t | .c90 application/x-c90
.cal application/x-cals | .cat application/vnd.ms-pki.seccat
.cdf application/x-netcdf | .cdr application/x-cdr
.cel application/x-cel | .cer application/x-x509-ca-cert
.cg4 application/x-g4 | .cgm application/x-cgm
.cit application/x-cit | .class java/*
.cml text/xml | .cmp application/x-cmp
.cmx application/x-cmx | .cot application/x-cot
.crl application/pkix-crl | .crt application/x-x509-ca-cert
.csi application/x-csi | .css text/css
.cut application/x-cut | .dbf application/x-dbf
.dbm application/x-dbm | .dbx application/x-dbx
.dcd text/xml | .dcx application/x-dcx
.der application/x-x509-ca-cert | .dgn application/x-dgn
.dib application/x-dib | .dll application/x-msdownload
.doc application/msword | .dot application/msword
.drw application/x-drw | .dtd text/xml
.dwf Model/vnd.dwf | .dwf application/x-dwf
.dwg application/x-dwg | .dxb application/x-dxb
.dxf application/x-dxf | .edn application/vnd.adobe.edn
.emf application/x-emf | .eml message/rfc822
.ent text/xml | .epi application/x-epi
.eps application/x-ps | .eps application/postscript
.etd application/x-ebx | .exe application/x-msdownload
.fax image/fax | .fdf application/vnd.fdf
.fif application/fractals | .fo text/xml
.frm application/x-frm | .g4 application/x-g4
.gbr application/x-gbr | . application/x-
.gif image/gif | .gl2 application/x-gl2
.gp4 application/x-gp4 | .hgl application/x-hgl
.hmr application/x-hmr | .hpg application/x-hpgl
.hpl application/x-hpl | .hqx application/mac-binhex40
.hrf application/x-hrf | .hta application/hta
.htc text/x-component | .htm text/html
.html text/html | .htt text/webviewhtml
.htx text/html | .icb application/x-icb
.ico image/x-icon | .ico application/x-ico
.iff application/x-iff | .ig4 application/x-g4
.igs application/x-igs | .iii application/x-iphone
.img application/x-img | .ins application/x-internet-signup
.isp application/x-internet-signup | .IVF video/x-ivf
.java java/* | .jfif image/jpeg
.jpe image/jpeg | .jpe application/x-jpe
.jpeg image/jpeg | .jpg image/jpeg
.jpg application/x-jpg | .js application/x-javascript
.jsp text/html | .la1 audio/x-liquid-file
.lar application/x-laplayer-reg | .latex application/x-latex
.lavs audio/x-liquid-secure | .lbm application/x-lbm
.lmsff audio/x-la-lms | .ls application/x-javascript
.ltr application/x-ltr | .m1v video/x-mpeg
.m2v video/x-mpeg | .m3u audio/mpegurl
.m4e video/mpeg4 | .mac application/x-mac
.man application/x-troff-man | .math text/xml
.mdb application/msaccess | .mdb application/x-mdb
.mfp application/x-shockwave-flash | .mht message/rfc822
.mhtml message/rfc822 | .mi application/x-mi
.mid audio/mid | .midi audio/mid
.mil application/x-mil | .mml text/xml
.mnd audio/x-musicnet-download | .mns audio/x-musicnet-stream
.mocha application/x-javascript | .movie video/x-sgi-movie
.mp1 audio/mp1 | .mp2 audio/mp2
.mp2v video/mpeg | .mp3 audio/mp3
.mp4 video/mpeg4 | .mpa video/x-mpg
.mpd application/vnd.ms-project | .mpe video/x-mpeg
.mpeg video/mpg | .mpg video/mpg
.mpga audio/rn-mpeg | .mpp application/vnd.ms-project
.mps video/x-mpeg | .mpt application/vnd.ms-project
.mpv video/mpg | .mpv2 video/mpeg
.mpw application/vnd.ms-project | .mpx application/vnd.ms-project
.mtx text/xml | .mxp application/x-mmxp
.net image/pnetvue | .nrf application/x-nrf
.nws message/rfc822 | .odc text/x-ms-odc
.out application/x-out | .p10 application/pkcs10
.p12 application/x-pkcs12 | .p7b application/x-pkcs7-certificates
.p7c application/pkcs7-mime | .p7m application/pkcs7-mime
.p7r application/x-pkcs7-certreqresp | .p7s application/pkcs7-signature
.pc5 application/x-pc5 | .pci application/x-pci
.pcl application/x-pcl | .pcx application/x-pcx
.pdf application/pdf | .pdf application/pdf
.pdx application/vnd.adobe.pdx | .pfx application/x-pkcs12
.pgl application/x-pgl | .pic application/x-pic
.pko application/vnd.ms-pki.pko | .pl application/x-perl
.plg text/html | .pls audio/scpls
.plt application/x-plt | .png image/png
.png application/x-png | .pot application/vnd.ms-powerpoint
.ppa application/vnd.ms-powerpoint | .ppm application/x-ppm
.pps application/vnd.ms-powerpoint | .ppt application/vnd.ms-powerpoint
.ppt application/x-ppt | .pr application/x-pr
.prf application/pics-rules | .prn application/x-prn
.prt application/x-prt | .ps application/x-ps
.ps application/postscript | .ptn application/x-ptn
.pwz application/vnd.ms-powerpoint | .r3t text/vnd.rn-realtext3d
.ra audio/vnd.rn-realaudio | .ram audio/x-pn-realaudio
.ras application/x-ras | .rat application/rat-file
.rdf text/xml | .rec application/vnd.rn-recording
.red application/x-red | .rgb application/x-rgb
.rjs application/vnd.rn-realsystem-rjs | .rjt application/vnd.rn-realsystem-rjt
.rlc application/x-rlc | .rle application/x-rle
.rm application/vnd.rn-realmedia | .rmf application/vnd.adobe.rmf
.rmi audio/mid | .rmj application/vnd.rn-realsystem-rmj
.rmm audio/x-pn-realaudio | .rmp application/vnd.rn-rn_music_package
.rms application/vnd.rn-realmedia-secure | .rmvb application/vnd.rn-realmedia-vbr
.rmx application/vnd.rn-realsystem-rmx | .rnx application/vnd.rn-realplayer
.rp image/vnd.rn-realpix | .rpm audio/x-pn-realaudio-plugin
.rsml application/vnd.rn-rsml | .rt text/vnd.rn-realtext
.rtf application/msword | .rtf application/x-rtf
.rv video/vnd.rn-realvideo | .sam application/x-sam
.sat application/x-sat | .sdp application/sdp
.sdw application/x-sdw | .sit application/x-stuffit
.slb application/x-slb | .sld application/x-sld
.slk drawing/x-slk | .smi application/smil
.smil application/smil | .smk application/x-smk
.snd audio/basic | .sol text/plain
.sor text/plain | .spc application/x-pkcs7-certificates
.spl application/futuresplash | .spp text/xml
.ssm application/streamingmedia | .sst application/vnd.ms-pki.certstore
.stl application/vnd.ms-pki.stl | .stm text/html
.sty application/x-sty | .svg text/xml
.swf application/x-shockwave-flash | .tdf application/x-tdf
.tg4 application/x-tg4 | .tga application/x-tga
.tif image/tiff | .tif application/x-tif
.tiff image/tiff | .tld text/xml
.top drawing/x-top | .torrent application/x-bittorrent
.tsd text/xml | .txt text/plain
.uin application/x-icq | .uls text/iuls
.vcf text/x-vcard | .vda application/x-vda
.vdx application/vnd.visio | .vml text/xml
.vpg application/x-vpeg005 | .vsd application/vnd.visio
.vsd application/x-vsd | .vss application/vnd.visio
.vst application/vnd.visio | .vst application/x-vst
.vsw application/vnd.visio | .vsx application/vnd.visio
.vtx application/vnd.visio | .vxml text/xml
.wav audio/wav | .wax audio/x-ms-wax
.wb1 application/x-wb1 | .wb2 application/x-wb2
.wb3 application/x-wb3 | .wbmp image/vnd.wap.wbmp
.wiz application/msword | .wk3 application/x-wk3
.wk4 application/x-wk4 | .wkq application/x-wkq
.wks application/x-wks | .wm video/x-ms-wm
.wma audio/x-ms-wma | .wmd application/x-ms-wmd
.wmf application/x-wmf | .wml text/vnd.wap.wml
.wmv video/x-ms-wmv | .wmx video/x-ms-wmx
.wmz application/x-ms-wmz | .wp6 application/x-wp6
.wpd application/x-wpd | .wpg application/x-wpg
.wpl application/vnd.ms-wpl | .wq1 application/x-wq1
.wr1 application/x-wr1 | .wri application/x-wri
.wrk application/x-wrk | .ws application/x-ws
.ws2 application/x-ws | .wsc text/scriptlet
.wsdl text/xml | .wvx video/x-ms-wvx
.xdp application/vnd.adobe.xdp | .xdr text/xml
.xfd application/vnd.adobe.xfd | .xfdf application/vnd.adobe.xfdf
.xhtml text/html | .xls application/vnd.ms-excel
.xls application/x-xls | .xlw application/x-xlw
.xml text/xml | .xpl audio/scpls
.xq text/xml | .xql text/xml
.xquery text/xml | .xsd text/xml
.xsl text/xml | .xslt text/xml
.xwd application/x-xwd | .x_b application/x-x_b
.sis application/vnd.symbian.install | .sisx application/vnd.symbian.install
.x_t application/x-x_t | .ipa application/vnd.iphone
.apk application/vnd.android.package-archive | .xap application/x-silverlight-app


File headers (magic bytes, hex) of various formats:
JPEG (jpg), file header: FFD8FF
PNG (png), file header: 89504E47
GIF (gif), file header: 47494638
TIFF (tif), file header: 49492A00
Windows Bitmap (bmp), file header: 424D
CAD (dwg), file header: 41433130
Adobe Photoshop (psd), file header: 38425053
Rich Text Format (rtf), file header: 7B5C727466
XML (xml), file header: 3C3F786D6C
HTML (html), file header: 68746D6C3E
Email [thorough only] (eml), file header: 44656C69766572792D646174653A
Outlook Express (dbx), file header: CFAD12FEC5FD746F
Outlook (pst), file header: 2142444E
MS Word/Excel (xls or doc), file header: D0CF11E0
MS Access (mdb), file header: 5374616E64617264204A
WordPerfect (wpd), file header: FF575043
Postscript (eps or ps), file header: 252150532D41646F6265
Adobe Acrobat (pdf), file header: 255044462D312E
Quicken (qdf), file header: AC9EBD8F
Windows Password (pwl), file header: E3828596
ZIP Archive (zip), file header: 504B0304
RAR Archive (rar), file header: 52617221
Wave (wav), file header: 57415645
AVI (avi), file header: 41564920
Real Audio (ram), file header: 2E7261FD
Real Media (rm), file header: 2E524D46
MPEG (mpg), file header: 000001BA
MPEG (mpg), file header: 000001B3
Quicktime (mov), file header: 6D6F6F76
Windows Media (asf), file header: 3026B2758E66CF11
MIDI (mid), file header: 4D546864
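How a defender uses the two appendices together (point D plus the Content-Type table), as an added Python example that is not part of the original post: the magic bytes, the declared Content-Type and the extension must all agree before an image is accepted. The signature subset, the MIME mapping and the script-marker heuristic are assumptions made for the example; the sample bytes are constructed.

```python
import binascii

# Hex prefixes copied from the file-header list above (subset, assumption).
SIGNATURES = {
    "jpg": "FFD8FF", "png": "89504E47", "gif": "47494638", "tif": "49492A00",
    "bmp": "424D", "pdf": "255044462D312E", "zip": "504B0304", "rar": "52617221",
}
MAGIC = {kind: binascii.unhexlify(hexstr) for kind, hexstr in SIGNATURES.items()}

# Content-Type expected for each accepted image type (from the appendix table).
IMAGE_MIME = {"jpg": "image/jpeg", "png": "image/png", "gif": "image/gif"}


def sniff(data: bytes):
    """Return the type whose signature matches the start of data, else None.
    Longer signatures are tried first so a short prefix cannot shadow them."""
    for kind, magic in sorted(MAGIC.items(), key=lambda kv: -len(kv[1])):
        if data.startswith(magic):
            return kind
    return None


def verify_image_upload(data: bytes, declared_ct: str, ext: str):
    """Accept only when magic bytes, Content-Type and extension all agree and
    no server-side script marker follows the image header."""
    kind = sniff(data)
    if kind not in IMAGE_MIME:
        return False, f"magic bytes say {kind!r}, not an accepted image"
    # Content-Type may carry parameters ("image/jpeg; charset=..."); compare
    # only the media type, case-insensitively.
    if IMAGE_MIME[kind] != declared_ct.split(";")[0].strip().lower():
        return False, "Content-Type header disagrees with magic bytes"
    allowed_exts = {"jpg", "jpeg"} if kind == "jpg" else {kind}
    if ext.lower() not in allowed_exts:
        return False, "extension disagrees with magic bytes"
    # Heuristic (assumption): a valid header followed by a script body is the
    # classic "image webshell"; refuse anything with obvious script markers.
    lowered = data.lower()
    if b"<?php" in lowered or b"<%" in lowered or b"<script" in lowered:
        return False, "script markers inside image data"
    return True, kind
```

Because a forged header is trivial to prepend, the header check is only useful together with the Content-Type and extension agreement and with storing the file where scripts are never executed.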
