Unrestricted File Upload : Web For Pentester

Unrestricted File upload

Hello friends, how are you? It's Osama here. Today I am covering file upload attacks in the lab environment, and I will show how, if there is no proper verification of file type, an upload can do quite some damage to your site and server.

Here are the other sections: MySQL Injection, Directory Traversal, File Include, Command Injection Attacks

Unrestricted File Upload :-

Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step.

The consequences of unrestricted file upload can vary, including complete system takeover, an overloaded file system or database, forwarding attacks to back-end systems, and simple defacement. It depends on what the application does with the uploaded file and especially where it is stored.

There are really two classes of problems here. The first is with the file metadata, like the path and file name. These are generally provided by the transport, such as HTTP multi-part encoding. This data may trick the application into overwriting a critical file or storing the file in a bad location. You must validate the metadata extremely carefully before using it.

The other class of problem is with the file size or content. The range of problems here depends entirely on what the file is used for. See the examples below for some ideas about how files might be misused. To protect against this type of attack, you should analyze everything your application does with files and think carefully about what processing and interpreters are involved. (Source: OWASP)

Risk Of This Attack :-

There are a lot of risks involved here. An attacker can upload a PHP backdoor to a PHP application, and vice versa, which puts the whole service at risk: the attacker can get a reverse shell on the server and download the full source code and other sensitive details from the server.

Examples

Attacks on application platform

  • Upload .jsp file into web tree – jsp code executed as web user
  • Upload .gif to be resized – image library flaw exploited
  • Upload huge files – file space denial of service
  • Upload file using malicious path or name – overwrite critical file
  • Upload file containing personal data – other users access it
  • Upload file containing “tags” – tags get executed as part of being “included” in a web page

Attacks on other systems

  • Upload .exe file into web tree – victims download trojaned executable
  • Upload virus infected file – victims’ machines infected
  • Upload .html file containing script – victim experiences Cross-site Scripting (XSS)

Protections :-

There are many ways to protect a web application against these attacks, such as black-listing and white-listing file extensions, but these are weak protections. The best thing is to follow best practices like:

  • Uploaded directory should not have any “execute” permission.
  • Limit upload size.
  • Try to use POST method instead of PUT (or GET!)
  • Use Cross Site Request Forgery protection methods.

These are just a few, but there are many more to follow.
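One way to apply the protections listed above in PHP, as an added example that is not the lab's code or part of the original post. The allowlist, the size cap, the 0640 file mode, the function names and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example, not the lab's code. Allowlist, size cap and file mode are assumptions.
const MAX_BYTES = 2 * 1024 * 1024;
const ALLOWED = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'gif' => 'image/gif'];
// Validate one $_FILES-shaped entry; return a server-chosen file name or throw.
function checked_upload_name(array $f): string {
    if (($f['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error');
    }
    $size = filesize($f['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('size outside limit');
    }
    // The client's file name is untrusted metadata: keep only its extension, never its path.
    $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not on allowlist');
    }
    // The detected content type must match what the extension claims.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}
// Request path: $dir should be a directory the web server never executes code from.
function store_upload(array $f, string $dir): string {
    $dest = rtrim($dir, '/') . '/' . checked_upload_name($f);
    if (!move_uploaded_file($f['tmp_name'], $dest)) {
        throw new RuntimeException('not an HTTP upload');
    }
    chmod($dest, 0640); // no execute bit on stored uploads
    return $dest;
}
// Constructed sample inputs (not real uploads); run from the CLI to exercise the checks.
if (PHP_SAPI === 'cli') {
    $samples = ['page.php' => '<?php echo 1;', 'photo.png' => '<?php echo 1;',
                '../../index.gif' => "GIF89a\x01\x00\x01\x00\x00\x00\x00;"];
    foreach ($samples as $name => $body) {
        $tmp = tempnam(sys_get_temp_dir(), 'up');
        file_put_contents($tmp, $body);
        try {
            echo $name . ' => ' . checked_upload_name(['name' => $name, 'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK]) . "\n";
        } catch (RuntimeException $e) {
            echo $name . ' => rejected: ' . $e->getMessage() . "\n";
        }
        unlink($tmp);
    }
}
```

The stored name is generated on the server, so a path supplied in the client's file name never reaches the file system. The size limit here complements, and does not replace, the limits set in the PHP and web server configuration.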

Web For Pentester Example :-

Now we will talk about the examples provided in the Web for Pentester lab.

So open up your lab and go to the lab URL.

The first example is just a simple upload script, and it will upload any file.

Now let's check example 2.

As you can see, there is some filtering applied.

Let's see the code:

if (preg_match('/\.php$/', $file)) {
    die("NO PHP"); // reject any file name that ends in .php
}

Here is the Video about it.
