News

File Upload Vulnerabilities

stp2y0 Comments
File Upload Vulnerabilities




What Are File Upload Vulnerabilities?

File upload vulnerabilities occur when a server lets users upload files without proper checks. Attackers can exploit this to upload harmful files, like scripts, instead of safe ones, like images. Sometimes, just uploading the file causes damage; other times, attackers trigger the file to execute with a request.



How Do These Vulnerabilities Happen?

Even when protections exist, flaws in implementation can still allow attacks. Common issues include:

  • Blocking some dangerous file types but missing others.
  • Relying on file properties that attackers can fake using tools.
  • Inconsistent validation across the website.

These small mistakes give attackers ways to bypass security measures.



Exploiting Flawed File Upload Validation

Attackers often exploit weak validation to upload harmful scripts, like web shells. For example, a PHP script like this reads secret files:

<?php echo file_get_contents('secret.txt'); ?>
Enter fullscreen mode

Exit fullscreen mode

Or, a script like this can run system commands:

<?php echo system($_GET['cmd']); ?>
Enter fullscreen mode

Exit fullscreen mode

Attackers can send:

GET /hack.php?cmd=whoami
Enter fullscreen mode

Exit fullscreen mode

This shows the server’s identity and gives attackers control.



Flawed File Type Validation

Some servers validate file uploads by checking the Content-Type header for expected MIME types like image/jpeg. However, if the server trusts this header without checking the file’s actual contents, attackers can easily bypass the validation.

For example, an image upload form may send this request:

POST /images HTTP/1.1  
Host: example.com  
Content-Type: multipart/form-data  

--boundary  
Content-Disposition: form-data; name="image"; filename="example.jpg"  
Content-Type: image/jpeg  

[binary data]  
--boundary--
Enter fullscreen mode

Exit fullscreen mode

If the server only verifies the Content-Type value, attackers can fake this using tools like Burp Repeater and upload malicious files disguised as images.



Protecting Against File Upload Vulnerabilities

To prevent these attacks:

  1. Verify file content matches the declared type.
  2. Store uploaded files in non-executable directories.
  3. Use strict whitelists for allowed file types.
  4. Scan files for malicious content.

Learn More: Watch the Tutorial

Acknowledgment: This post is inspired by insights from PortSwigger Web Security and ChatGPT.



Source link
lol

By stp2y

Leave a Reply

Your email address will not be published. Required fields are marked *

No widgets found. Go to Widget page and add the widget in Offcanvas Sidebar Widget Area.