Secure Code Warrior - Unrestricted file upload
•Download as PPTX, PDF•
0 likes•178 views
Web App Vulnerabilities - Slidepack on "Unrestricted file upload" by Secure Code Warrior Limited and licensed under CC BY-ND 4.0
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (15)
Similar to Secure Code Warrior - Unrestricted file upload
Similar to Secure Code Warrior - Unrestricted file upload (20)
Recently uploaded
Recently uploaded (20)
Secure Code Warrior - Unrestricted file upload
- 1. Unrestricted File Upload Web App Vulnerabilities by Secure Code Warrior Limited is licensed under CC BY-ND 4.0
- 2. What is it? Some applications allow users to upload their own files. In case there are no limitations on the uploaded file name, type or size, the unrestricted file upload could cause problems. What causes it? Files uploaded to the application are not verified. There are no checks to verify the file size and possibly dangerous extensions or content. Upload rate limitation could be missing as well. What could happen? Attackers might be able to upload malicious files or files that contain phishing pages or scripts. In case file contents get executed, an attacker could retrieve access to the web application. File upload functionality can be used for DoS attacks as well. How to prevent it? Perform whitelisting on the file extension and file name. Limit file size to a maximum and minimum and file name length to a maximum. Store files in a low-privilege directory that cannot be accessed from the internet.
- 3. Unrestricted File Upload Understanding the security vulnerability A web application allows users to upload files and view them afterwards in a directory. Uploads Info.txt Finance.xls … Upload web shell The attacker can browse to the file through the “Uploads” directory and can pass commands to his web shell. Uploads Info.txt Finance.xls shell.run All commands passed to the shell get executed on the server and are run with the same privileges as the web application. uploads/shell.run ?cmd=whoami > webuser /uploads/shell.run?cmd=whoami webuser /uploads/shell.run?cmd=pwd /var/www/html/uploads A malicious user noticed this functionality and decides to upload a web shell. Upload file shell.run Browse
- 4. Unrestricted File Upload Understanding the security vulnerability A web application allows users to upload files and view them afterwards in a directory. Uploads Info.txt Finance.xls … Upload fake login page A malicious user noticed this functionality and decides to upload an HTML page containing a fake login. Upload file login.html Browse <html> <b>Username</b> <input type="text"> <b>Password</b> <input type="password"> <button type="submit">Login</button> </html> When a user submits credentials through the fake login page, the information is sent to the attacker. Username: John Password: dragon The attacker sends the fake login page to a number of people, in hopes of someone enter their login credentials. vulnerable.app/uploads/login.html Username Password John ******
- 5. Unrestricted File Upload Realizing the impact By uploading a large amount of small files, an attacker could launch a DoS attack. An attacker could upload a web shell and retrieve access to the web server. Users could be tricked into providing sensitive information to a phishing page uploaded by an attacker.
- 6. Unrestricted File Upload Preventing the mistake Apply white-list validation and filtering on file names and extensions. Remove special characters from file names. Limit the length to a fixed amount of characters. Only allow required extensions. Store uploaded files in a private directory without execution privileges. Enforce minimum and maximum file size limits. Scan uploaded files for malicious content. Store files with randomly generated file names.