How to Perform File Upload Attack?
Applications face a serious risk from uploaded data. In several attacks, the first move is to get some code into the target machine. The attacker just needs to figure out how to get the code to run. The attacker will complete the first move by using a file upload.
Full device takeover, an overloaded file system or database, forwarding attacks to back-end systems, client-side attacks, or simple defacement are all possible outcomes of uncontrolled file upload. It is determined by what the application does with the uploaded file and, more importantly, where it is stored.
In this case, there are two types of issues. The first is for file metadata, such as the route and name of the file. The transport, such as HTTP multi-part encoding, usually provides these. This information may lead to the application overwriting or storing a sensitive file in an incorrect position. Before using the metadata, it must be thoroughly validated.
The file size or content is the other type of problem. The range of issues here is entirely dependent on the file’s intended use. For some examples of how files might be misused, see the examples below. To defend against this form of attack, examine all your application does with files and consider which processing and interpreters are involved.
Total server takeover, an overloaded file system or database, forwarding attacks on back-end systems, and simple defacement are all possible outcomes of uncontrolled file upload. It is determined by what the application does with the uploaded file and, more importantly, where it is stored. The following is a list of possible attacks by the attacker:
• Upload and run a web-shell to compromise the web server, which can run commands, browse system files, browse local resources, target other servers, and exploit local vulnerabilities, among other things.
• Put a phishing page into the website.
• Put a permanent XSS into the website.
• Exfiltrate potentially confidential data by circumventing cross-origin resource sharing (CORS) policy.
• Upload a file with a malicious path or name, overwriting important files or personal information that other users have access to. The attacker could, for example, replace the.htaccess file in order to run specific scripts.
STEPS TO REPRODUCE
1. Open the DVWA application and go to File upload option.
2. Look for a parameter where we can upload a file. Here we will inject a malicious file which is Dhanush.php. Download or create a malicious file on your own and upload it.
3. As we can see that the file is uploaded now, and the file is malicious. This is how we can test for file upload vulnerability.
• Without a white-list filter, never support a filename and its extension explicitly. • If Unicode characters are not needed, it is highly recommended that the file name and extension only accept alphanumeric characters and one dot as input.
• Limit the file size to a maximum value to prevent denial of service attacks. • There should be no “execute” authorization on the uploaded directory. • Do not rely on client-side validation only.
Get In Touch
How Can We Help ?
We make your product happen. Our dynamic, robust and scalable solutions help you drive value at the greatest speed in the market