1. File Upload Vulnerabilities
Exploitation and
Mitigation
Chinedu Onwukike
- Cyber Risk Consultant

2. The need for File Upload

Indispensable way of file sharing
 Dropbox, 4shared.com etc
Added functionality
 Increases business efficiency, enhances interaction between
end users and corporate employees
Social Networking
 Facebook, Twitter, MySpace, Instagram et al
2

3. The Threat

Opens another door for attackers
Lack of expertise in securing upload forms
3

4. Cases of File Upload Security
Case 1: Simple File upload form with no validation
Exploit: Simply upload shell (without any modification) in
server language format (asp, jsp, php, py)
Case 2: Mime Type Validation
Idea: This checks the content type. $_FILES[‘uploaded’][‘type’]
Exploit: Use of web proxies such as Burpsuite to intercept
and alter content type.

Case 3: Black listing extension types
Not good for hosted environment (running several scripting
languages)
Exploit: Impossible to predict all possible random
extensions (shell.php.345)
4

5. Cases of File Upload Security
Case 4: Check the image header
Idea: Using getimagesize() to determine if it is an
actual image
Exploit: Bypassed with Image editing tools
Case 5: Protection with .htaccess
Idea: To restrict the execution of script files in this
folder
Exploit: Use of web proxies such as Burpsuite to
intercept
and alter content type.
Case 6: Client Side validation
Idea: Better performance and client side checks
Exploit: Can be easily bypassed with web application
proxies
5

6. Tools
 BurpSuite
 Apache Server running PHP in Linux
OS.
 Any Web browser
 Fairly secure server side PHP upload
script.
6

7. Mitigation
•
.htaccess file should not be in the same
directory as uploaded files. Can be in parent.
•
Upload files in a directory outside the server
root
•
Avoid absolute reliance on client-side
validation
•
Create a copy of the file with random name
and add corresponding extension
7

8. Demonstration - PoC
8

9. Questions