File upload vulnerabilities Attack - ties2/web-pentest GitHub Wiki

File upload vulnerabilities are a type of web application security vulnerability that allows an attacker to upload malicious files to a web server. This can lead to a range of potential attacks, including remote code execution, file inclusion attacks, and data exfiltration. In this article, we will explore the different types of file upload vulnerabilities and provide examples of each.

Unrestricted File Upload

Unrestricted file upload vulnerabilities occur when a web application does not properly validate the file type or content being uploaded. Attackers can exploit this vulnerability by uploading malicious files that contain code or scripts that can be executed on the server. For example, an attacker might upload a PHP shell script that can be used to execute commands or steal data from the server.

Malicious File Upload

Malicious file upload vulnerabilities occur when an attacker uploads a file that appears harmless but actually contains malicious code. This can be achieved by exploiting weaknesses in file format validation or by disguising the file as a harmless file type. For example, an attacker might upload a file with a double file extension (e.g. "file.php.jpg"), which can trick the server into executing the PHP code contained within the file.

File Extension Filtering Bypass

File extension filtering bypass vulnerabilities occur when a web application only allows certain file types to be uploaded but does not properly validate the file extension. Attackers can exploit this vulnerability by renaming a malicious file with a valid extension, such as a .jpg file. For example, an attacker might upload a malicious file named "malware.jpg" that actually contains an executable file.

Overwriting Uploaded Files

Overwriting uploaded file vulnerabilities occur when a web application allows users to overwrite existing files. Attackers can exploit this vulnerability by uploading a malicious file with the same name as an existing file on the server. For example, an attacker might overwrite a legitimate file with a malicious file that can be used to execute commands or steal data.

File Size Limit Bypass

File size limit bypass vulnerabilities occur when a web application limits the size of uploaded files but does not properly validate the size of the file actually being uploaded. Attackers can exploit this vulnerability with a file that appears to be within the size limit but still carries a malicious payload. For example, an attacker might compress or encrypt a file so that it fits under the file size limit.

Preventing file upload vulnerability attacks:

Use input validation and restrict access to uploaded files to prevent file upload vulnerabilities.
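As an added example (not code from the ties2/web-pentest wiki), the following Python upload check applies the validation the page recommends: an extension allowlist instead of a blocklist, a magic-byte check that never consults the client-supplied Content-Type, a size check on the bytes actually received, rejection of double extensions, and a server-generated random name so an upload cannot overwrite an existing file. The allowlisted types, the 1 MiB limit and the UPLOAD_DIR note are assumptions for the example.

```python
import os
import re
import secrets
from typing import Optional

# Allowlist (assumed policy for this example): canonical extension ->
# magic-byte prefixes the uploaded content must start with.
ALLOWED_TYPES = {
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
MAX_UPLOAD_BYTES = 1024 * 1024  # 1 MiB, enforced on the bytes actually received
SAFE_SEGMENT = re.compile(r"[a-z0-9_-]+")


def validate_upload(submitted_name: str, data: bytes,
                    client_content_type: Optional[str] = None) -> tuple:
    """Return (True, stored_name) on success or (False, reason) on rejection.

    client_content_type is accepted only to make the point that it is never
    consulted: the client controls it. The decision rests on the extension
    allowlist, the file's magic bytes and the size of the received bytes.
    """
    # 1. Size: check the bytes that arrived, not a client-declared length.
    if not data or len(data) > MAX_UPLOAD_BYTES:
        return False, "size out of bounds"

    # 2. Drop directory components ("../../x.png" -> "x.png"), split on every dot.
    base = os.path.basename(submitted_name.replace("\\", "/")).lower()
    segments = base.split(".")
    if len(segments) != 2 or not all(SAFE_SEGMENT.fullmatch(s) for s in segments):
        # Rejects "file.php.jpg", ".htaccess", "noext" and odd characters.
        return False, "filename must be <stem>.<ext> with safe characters"
    ext = segments[1]

    # 3. Extension must be on the allowlist; no blocklist of "dangerous" ones.
    if ext not in ALLOWED_TYPES:
        return False, f"extension .{ext} not allowed"

    # 4. Content must match the claimed type: "malware.jpg" holding an EXE fails.
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return False, "content does not match extension"

    # 5. Random server-chosen name: uploads can never overwrite existing files.
    #    Keep the original name in a database for display only, and write the
    #    file into an assumed UPLOAD_DIR outside the web root, served without
    #    script execution.
    return True, f"{secrets.token_hex(16)}.{ext}"
```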

Cheat sheet for file upload vulnerability attacks:

Unrestricted File Upload:

  • Upload a malicious file that contains executable code.
  • Upload a file with a double file extension (e.g. "file.php.jpg").

Malicious File Upload:

  • Upload a file that appears harmless but actually contains malicious code.
  • Exploit weaknesses in file format validation.

File Extension Filtering Bypass:

  • Rename a malicious file with a valid extension, such as a .jpg file.
  • Upload a file with a fake MIME type or content type.

Overwriting Uploaded Files:

  • Upload a malicious file with the same name as an existing file on the server.
  • Overwrite a legitimate file with a malicious file.

File Size Limit Bypass:

  • Compress or encrypt a file to bypass the file size limit.
  • Split a malicious file into multiple smaller files to bypass the file size limit.

The best way to prevent these attacks is to implement proper input validation and sanitization when handling uploaded files. Regular security testing and vulnerability scanning also help to identify and mitigate file upload vulnerabilities before attackers can exploit them.