File upload vulnerabilities & mitigation

Published in: Technology

  1. File Upload Vulnerabilities: Exploitation and Mitigation. Chinedu Onwukike - Cyber Risk Consultant
  2. The need for File Upload
     • Indispensable way of file sharing: Dropbox, 4shared.com etc.
     • Added functionality: increases business efficiency, enhances interaction between end users and corporate employees
     • Social networking: Facebook, Twitter, MySpace, Instagram et al.
  3. The Threat
     • Opens another door for attackers
     • Lack of expertise in securing upload forms
  4. Cases of File Upload Security
     • Case 1: Simple file upload form with no validation
       Exploit: Simply upload shell (without any modification) in server language format (asp, jsp, php, py)
     • Case 2: Mime Type Validation
       Idea: This checks the content type, $_FILES['uploaded']['type']
       Exploit: Use of web proxies such as Burpsuite to intercept and alter content type.
     • Case 3: Black listing extension types
       Not good for hosted environment (running several scripting languages)
       Exploit: Impossible to predict all possible random extensions (shell.php.345)
  5. Cases of File Upload Security
     • Case 4: Check the image header
       Idea: Using getimagesize() to determine if it is an actual image
       Exploit: Bypassed with image editing tools
     • Case 5: Protection with .htaccess
       Idea: To restrict the execution of script files in this folder
       Exploit: Use of web proxies such as Burpsuite to intercept and alter content type.
     • Case 6: Client Side validation
       Idea: Better performance and client side checks
       Exploit: Can be easily bypassed with web application proxies
  6. Tools
     • BurpSuite
     • Apache Server running PHP in Linux OS.
     • Any Web browser
     • Fairly secure server side PHP upload script.
  7. Mitigation
     • .htaccess file should not be in the same directory as uploaded files. Can be in parent.
     • Upload files in a directory outside the server root
     • Avoid absolute reliance on client-side validation
     • Create a copy of the file with random name and add corresponding extension
  8. Demonstration - PoC
  9. Questions
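
A server-side handler that applies the mitigations listed on slide 7, as an added example that is not part of the original slides. The form field name `uploaded` follows the `$_FILES` reference on slide 4; the storage path, the size limit and the image-only allowlist are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Assumed storage location outside the web server's document root (hypothetical path).
const UPLOAD_DIR = '/var/app-uploads';
const MAX_BYTES  = 2 * 1024 * 1024; // assumed size limit
// Allowlist: detected content type => extension the server assigns (assumed policy).
const ALLOWED = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Validates one $_FILES entry and stores it under a random name.
// Returns the stored file name; throws RuntimeException when the upload is rejected.
function store_upload(array $file): string
{
    $tmp = (string) ($file['tmp_name'] ?? '');
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('upload failed');
    }
    if (filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Type comes from the file's bytes. $file['type'] and $file['name'] are
    // client-controlled (cases 2 and 6) and are never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $ext  = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('type not allowed');
    }
    // A valid image can still carry script text (case 4), so the protection that
    // matters is below: random name, server-chosen extension, path outside the web root.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // no execute bit on stored uploads
    return $name;
}

if (isset($_FILES['uploaded'])) {
    try {
        echo 'stored as ', store_upload($_FILES['uploaded']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected';
    }
}
```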
