File Upload Vulnerabilities
Golam_Mostafa
Posted on November 23, 2024
What Are File Upload Vulnerabilities?
File upload vulnerabilities occur when a server lets users upload files without proper checks. Attackers can exploit this to upload harmful files, like scripts, instead of safe ones, like images. Sometimes, just uploading the file causes damage; other times, attackers trigger the file to execute with a request.
How Do These Vulnerabilities Happen?
Even when protections exist, flaws in implementation can still allow attacks. Common issues include:
- Blocking some dangerous file types but missing others.
- Relying on file properties that attackers can fake using tools.
- Inconsistent validation across the website.
These small mistakes give attackers ways to bypass security measures.
Exploiting Flawed File Upload Validation
Attackers often exploit weak validation to upload harmful scripts, like web shells. For example, a PHP script like this reads secret files:
<?php echo file_get_contents('secret.txt'); ?>
Or, a script like this can run system commands:
<?php echo system($_GET['cmd']); ?>
Attackers can send:
GET /hack.php?cmd=whoami
The response reveals which account the web server runs as, and the same script will run any other command the attacker passes in the cmd parameter.
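From the defender's side, the request pattern above is visible in ordinary web-server access logs. The following detector is an added example (not code from the original post): it parses combined-format access-log lines and flags requests that ask the server to execute a script stored under an upload directory, or that carry a command-style query parameter. The upload path prefix /files/, the extension and parameter lists, and the sample log lines are all constructed assumptions for this illustration.

```python
# Added example (not from the original post): scan access-log lines for signs that
# an uploaded file is being executed as a script on the server.
import posixpath
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined"-style line: client, identity, user, timestamp, request line, status, size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')

# Extensions a web server would hand to an interpreter; an upload tree should never serve these.
SCRIPT_EXTENSIONS = {"php", "phtml", "php3", "php5", "phar", "jsp", "asp", "aspx", "cgi", "pl", "py", "sh"}
# Query parameter names commonly used to pass a command to a web shell (heuristic, assumed list)
COMMAND_PARAMS = {"cmd", "exec", "command", "shell"}

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, target, status, _size = m.groups()
    return {"ip": ip, "time": ts, "method": method, "target": target, "status": int(status)}

def classify(entry, upload_prefix):
    """Return the reasons a request is suspicious (empty list if none)."""
    reasons = []
    parts = urlsplit(entry["target"])
    path = parts.path.lower()
    if not path.startswith(upload_prefix):
        return reasons
    ext = posixpath.splitext(path)[1].lstrip(".")
    if ext in SCRIPT_EXTENSIONS:
        reasons.append(f"script extension .{ext} requested under {upload_prefix}")
    hit = set(parse_qs(parts.query).keys()) & COMMAND_PARAMS
    if hit:
        reasons.append("command-style query parameter: " + ",".join(sorted(hit)))
    return reasons

def find_suspicious(lines, upload_prefix="/files/"):
    """Return every parsed entry that has at least one reason, with the reasons attached."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = classify(entry, upload_prefix)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings

# Constructed sample log: one benign upload, one execution of an uploaded script, one image fetch
SAMPLE_LOG = [
    '203.0.113.5 - - [23/Nov/2024:10:01:02 +0000] "POST /images HTTP/1.1" 200 512',
    '203.0.113.5 - - [23/Nov/2024:10:01:10 +0000] "GET /files/avatars/hack.php?cmd=whoami HTTP/1.1" 200 98',
    '198.51.100.7 - - [23/Nov/2024:10:02:00 +0000] "GET /files/avatars/photo.jpg HTTP/1.1" 200 20480',
]

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f["ip"], f["target"], f["status"], "; ".join(f["reasons"]))
```

A request for a script extension under the upload tree that returns status 200 is the strongest signal here, because it means the server both stored and executed the file; the parameter-name heuristic on its own is only a weak hint and will produce some noise.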
Flawed File Type Validation
Some servers validate file uploads by checking the Content-Type header for expected MIME types like image/jpeg. However, if the server trusts this header without checking the file's actual contents, attackers can easily bypass the validation.
For example, an image upload form may send this request:
POST /images HTTP/1.1
Host: example.com
Content-Type: multipart/form-data; boundary=boundary

--boundary
Content-Disposition: form-data; name="image"; filename="example.jpg"
Content-Type: image/jpeg

[binary data]
--boundary--
If the server only verifies the Content-Type value, attackers can fake this using tools like Burp Repeater and upload malicious files disguised as images.
Protecting Against File Upload Vulnerabilities
To prevent these attacks:
- Verify file content matches the declared type.
- Store uploaded files in non-executable directories.
- Use strict whitelists for allowed file types.
- Scan files for malicious content.
Learn More: Watch the Tutorial
Acknowledgment: This post is inspired by insights from PortSwigger Web Security and ChatGPT.