1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44
| <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title></title> </head> <body> <form method="POST" enctype="multipart/form-data"> <input type="file" name="file"> <button type="submit" name=submit>upload</button> </form> <?php if (isset($_POST['submit'])) { $file=$_FILES['file']; $fileName=$file['name']; $fileTmpname=$file['tmp_name']; $fileSize=$file['size']; $fileError=$file['error']; $fileType=$file['type']; $fileExt=explode('.',$fileName); $fileActualExt=strtolower(end($fileExt)); $allowed=array('jpg'); if(in_array($fileActualExt,$allowed)){ if($fileError==0){ if($fileSize<1000000){ $fileNameNew="1.".$fileActualExt; $fileDestination="./".$fileNameNew; move_uploaded_file($fileTmpname,$fileDestination); echo "upload success!"; // print_r($file); }else{ echo "You image is too big!"; } }else{ echo "You have an error!"; }
}else{ echo "You type can't upload!"; } } ?> </body> </html>
|
1 2 3 4 5 6 7 8
| import requests url="http://127.0.0.1/php/test.php" payload={'submit':'submit'} files={ 'file':open("1.jpg",'rb') } r=requests.post(url,data=payload,files=files); print(r.text)
|
因为php中有一个判断是否点击button的submit,所以data部分要加上!