Hello, Jiwoo!
I am trying to build a bulletin board using your Flash uploader.
I want write.php to receive the files and write_proc.php to actually upload them to ./upload/notice/.
In particular, I have put your uploader in a directory called /func/uploader/ and want to pull it in from there for use in a threaded (hierarchical) board.
I posted a similar question last time but never managed to solve it, so I am writing again.
I myself run a homepage-building community site called 라온샵 (Raonshop) and answer many people's questions there, so I know very well how hard this work is.
Even so, I shamelessly ask the Flash uploader's author for help.
I could simply follow the method you built, drop write_proc.php and handle everything in one file using cmd=exec in write.php, but as someone who is learning I think implementing it the way I want will help me more.
I have been stuck on the file upload part for almost a month now, so I am pouring out my frustration to you.
The current state of progress is similar to before.
In write.php:
<script language="JavaScript" type="text/JavaScript" src="./func/uploader/swf_upload.js"></script>
<script language="javascript">
makeSwfMultiUpload(
    movie_id='smu03',       // unique ID of the file form
    flash_width='640',      // file form width (default 400, recommended minimum 300)
    list_rows='3',          // number of rows in the file list (default: 3)
    limit_size='30',        // upload size limit (default 10)
    file_type_name='모든파일', // file type label shown in the file dialog (e.g. image files, Excel files, all files, etc.)
    allow_filetype='*.*',   // file types offered in the file dialog (e.g. *.jpg *.jpeg *.gif *.png)
    deny_filetype='*.cgi *.pl *.php *.phps *.asp *.jsp *.htm *.html', // types not allowed to upload
    upload_exe='./func/uploader/upload.php' // program that handles the upload
);
</script>
<img src="<?=$home_address?>/image/button/btn_c_write.gif" onClick="callSwfUpload('formName');" style="cursor:hand">
That is what I have entered and am processing with.
And in write_proc.php I am using the following..
<script language="JavaScript" type="text/JavaScript" src="../../../../func/uploader/swf_upload.js"></script>
<?php
// Debug output of the two identifiers the uploader sends along with each file
echo htmlspecialchars($_GET["browser_id"] ?? "") . "<br>";
echo htmlspecialchars($_GET["upload_id"] ?? "") . "<br>";

// Per-browser temp folder; basename() stops a request value from carrying "../" into the path
$folder_name = "../../../../func/uploader/files/" . basename($_GET["browser_id"] ?? "");
if (!is_dir($folder_name)) mkdir($folder_name, 0777);
chmod($folder_name, 0777);
if (isset($_FILES['Filedata'])) {
    // Stored as <upload_id>__swfupload__<original name>, the naming that is read back further down
    move_uploaded_file(
        $_FILES['Filedata']['tmp_name'],
        $folder_name . "/" . basename($_GET["upload_id"] ?? "") . "__swfupload__"
            . iconv("utf-8", "euc-kr", basename($_FILES['Filedata']['name']))
    );
}

// Dump every POST value (each() was removed in PHP 8, so foreach is used instead)
foreach ($_POST as $key => $value) {
    if (is_array($value)) {
        foreach ($value as $key1 => $value1) {
            echo "\$_POST['" . $key . "'][" . $key1 . "] = \"" . htmlspecialchars($value1) . "\"<br>\n";
        }
    } else {
        echo "\$_POST['" . $key . "'] = \"" . htmlspecialchars($value) . "\"<br>\n";
    }
}
echo "<br>";

// Rebuild a $_FILES-style array from the files the uploader left in this session's folder
$folder_name = "../../../../func/uploader/files/" . session_id();
if (is_dir($folder_name)) {
    $dir_obj = opendir($folder_name);
    while (($file_str = readdir($dir_obj)) !== false) {
        if ($file_str != "." && $file_str != ".." && strpos($file_str, "__swfupload__") !== false) {
            $split_str = explode("__swfupload__", $file_str, 2);
            $_FILES[$split_str[0]]['tmp_name'][] = $file_str;
            $_FILES[$split_str[0]]['name'][] = $split_str[1];
            $_FILES[$split_str[0]]['size'][] = filesize($folder_name . "/" . $file_str);
        }
    }
    closedir($dir_obj);
}
$list = $_FILES['smu03']['tmp_name'] ?? []; // empty when nothing was uploaded for this form
for ($i = 0; $i < count($list); $i++) {
    echo "\$_FILES['smu03']['name'][$i]: " . htmlspecialchars($_FILES['smu03']['name'][$i]) . "<br>";
    echo "\$_FILES['smu03']['tmp_name'][$i]: " . htmlspecialchars($_FILES['smu03']['tmp_name'][$i]) . "<br>";
    echo "\$_FILES['smu03']['size'][$i]: " . $_FILES['smu03']['size'][$i] . "<br><br>";
}
?>
And unfortunately it still does not work..
What I am wondering about is just one thing.
When a post is registered with files attached in the Flash form, the progress bar moves; at that moment I want the files to be stored in a specific location on the server, for example where the board's attachments are kept (ex. ./upload/notice/upload/).
Along with that, I want the file names to be stored in the DB in a field called files in the form aa.gif//bbb.gif//ccc.jpg.
Once again I would be very grateful for your help.
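As an added example (not code from the original post or from the uploader itself), this is one way write_proc.php could do the two things asked for above: move the uploader's per-session temp files into ./upload/notice/upload/ while re-checking the deny list on the server, and produce the aa.gif//bbb.gif//ccc.jpg value for the files column. It assumes the <upload_id>__swfupload__<name> temp naming that the posted code already reads back, and the session folder path used in the post.

```php
<?php
// Added example: not code from the original post or from the uploader itself.
// Assumes the Flash uploader has already dropped files into a per-session folder
// as "<upload_id>__swfupload__<original name>", the naming the posted write_proc.php reads.

// Move the session's temp files into the board's attachment directory and
// return the stored names, ready to be joined with "//" for the files column.
// The extension check is repeated here because deny_filetype in the Flash
// form is only a client-side setting and can be skipped by any client.
function finalizeSwfUploads(string $sessionDir, string $targetDir, array $denyExt): array
{
    $stored = [];
    if (!is_dir($sessionDir)) {
        return $stored;
    }
    if (!is_dir($targetDir) && !mkdir($targetDir, 0755, true)) {
        throw new RuntimeException("cannot create $targetDir");
    }
    foreach (scandir($sessionDir) as $entry) {
        if (strpos($entry, '__swfupload__') === false) {
            continue; // ".", ".." and anything the uploader did not write
        }
        [, $origName] = explode('__swfupload__', $entry, 2);
        // basename() strips any directory part hidden in the submitted name
        $name = basename($origName);
        // Check every extension segment ("x.php.jpg" -> php, jpg) so a
        // multi-extension name cannot get past the deny list
        $segments = array_slice(explode('.', strtolower($name)), 1);
        if ($name === '' || $name[0] === '.' || array_intersect($segments, $denyExt)) {
            unlink("$sessionDir/$entry"); // discard instead of storing it
            continue;
        }
        // Never overwrite an existing attachment that has the same name
        $base  = pathinfo($name, PATHINFO_FILENAME);
        $ext   = pathinfo($name, PATHINFO_EXTENSION);
        $final = $name;
        for ($n = 1; file_exists("$targetDir/$final"); $n++) {
            $final = $base . "_$n" . ($ext !== '' ? ".$ext" : '');
        }
        if (rename("$sessionDir/$entry", "$targetDir/$final")) {
            $stored[] = $final;
        }
    }
    return $stored;
}

session_start();
$deny  = ['cgi', 'pl', 'php', 'phps', 'asp', 'jsp', 'htm', 'html'];
$names = finalizeSwfUploads('./func/uploader/files/' . session_id(), './upload/notice/upload', $deny);
$filesField = implode('//', $names); // e.g. "aa.gif//bbb.gif//ccc.jpg" for the files column
```

The deny list here mirrors the deny_filetype setting from write.php; files that fail it are deleted from the session folder rather than left behind.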