root@chriscz:~# cat writeups/insecure-file-upload.md
medium

Insecure File Upload

Insure File Upload Insecure file upload is a vulnerability where an application allows the upload of files without proper validation and control. Now there is so many websites and apps use a file upload feature is a stan

· #web_app_security

Insure File Upload

Insecure file upload is a vulnerability where an application allows the upload of files without proper validation and control. Now there is so many websites and apps use a file upload feature is a standard can be security issue if gone without proper protections in place. In this short write up will demonstrate how to exploit this feature and how give possible recommendations to protect against this vulnerability.

screenshot

After testing to see if I can upload a web shell to gain code execution the web app only allows jpeg and Png images.

Utilizing Burp Suite

After using burp suite to intercept the post request after uploading a webshell I can see all the information. Let’s see what I can change to allow the web app to accept the file. After researching ways to allow a file to upload I was to change the content-type in this case.which doesn’t change the code that is written but tricks the web app code because it thinks its an image from content but not reading the file contents.

screenshot

screenshot

After I tried again it allowed a successful file upload and can gain code execution and upgrade to webshell to a full reverse shell.

screenshot

Remediations for preventing File upload Vulnerability

Allow only certain file extensions: Restrict uploads to file types that are necessary for your application’s functionality.

Set maximum file size and name length: This helps prevent denial-of-service (DoS) attacks caused by the upload of excessively large files.

Allow only authorized users: Ensure that only authenticated and authorized users can upload files