
File Upload Vulnerability and Prevention

Created by Dhnesh Dhingra,

Jan. 29, 2021, 10:32 a.m.

An HTML form upload vulnerability is a weakness in which an attacker uploads a malicious file directly onto the server, where it is then executed. The attacker may be able to place a phishing page on the site or deface it. This can expose internal information about the web servers or domains to other people, or be used to threaten the individual.

According to a Wordfence investigation that analyzed more than 1599 vulnerabilities over 14 months in 2019, file upload is the third most common vulnerability among current vulnerabilities. It was also ranked third by OWASP in 2007, and in 2019, according to edgescan, file upload kept its place in the top 10.


How to Exploit


1. Faking Requests:

Developers use fast client-side filters to give users quicker feedback. They implement this mechanism with JavaScript/jQuery and HTML5 extras, which lets the form send requests straight to the server. But this loophole can be exploited by:

  • Duplicating data through any browser extension
  • Turning off browser JavaScript via Chrome's Developer Tools or another tool
  • Submitting a forged request (proxying the application and tampering with the request)


2. File Type Verification:

Each file has a MIME type, an identifier made of two parts, a type and a subtype, separated by a forward slash. Web developers sometimes rely on the MIME type of the uploaded file to decide whether it is a safe file. For an image upload application, the allowed MIME types might be image/jpeg, image/gif, and image/png. This check can be bypassed simply by changing the MIME type with an intercepting proxy, for example Burp Suite or Tamper Data for Firefox, because the MIME type is supplied by the client and says nothing about the file's actual contents.


3. Large Data Files:

Large files can cause bottlenecks or failures in applications. For instance, attackers can carry out Denial of Service (DDoS) or botnet attacks that upload many large files simultaneously.

As a result, the system collapses because it does not have the capacity to serve legitimate requests and handle huge file uploads at the same time.

For example, a Metasploit exploit module was published for a WordPress plugin, specifically version 7.0.4. With this exploit, attackers are able to upload arbitrary files, such as JavaScript or other dangerous scripts, and achieve remote code execution on a vulnerable server.


How to Fix:


1. Allow only a specific set of file types. Double-check the type and size of the file on both the frontend and the backend. Check for executables or scripts and whitelist the permitted file types.

2. Never, under any circumstances, trust client-side authentication or validation. Always use server-side checks. Client-side validation offers no protection against a malicious client.

3. Check whether poorly configured BIOS, firewalls, ports, servers, switches, routers, or other parts of the infrastructure are being maintained correctly.

4. Upload files to external directories and store them outside the webroot. This prevents attackers from executing uploaded files through a site URL.

5. Inspect the Exif information in a file. An attacker can embed a comment containing valid PHP code that will be executed by the server when the file is processed, so passing a MIME or extension check alone does not make an image safe.

6. Build multi-step authentication into major HTML forms on pages such as Login or Profile Update, and validate the session on every web request.
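The following is an added example, not code from the original post, showing how fixes 1, 2 and 4 fit together on the server side: the client-supplied Content-Type is ignored, the extension is checked against a whitelist, the file's own leading bytes must match that extension, a size cap is enforced, and the file is written under a random name into a directory assumed to sit outside the webroot (the directory path, the 2 MiB cap and the magic-byte table are assumptions for this example).

```python
import os
import secrets
from pathlib import Path

# Server-side upload validation: whitelist of extensions mapped to the
# leading bytes each format must start with. Constructed for this example.
ALLOWED_TYPES = {
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".gif": [b"GIF87a", b"GIF89a"],
}
MAX_SIZE = 2 * 1024 * 1024  # 2 MiB size cap, assumed for this example


def validate_upload(filename: str, content: bytes) -> str:
    """Return the validated extension or raise ValueError.
    The client-supplied Content-Type header is deliberately ignored:
    an intercepting proxy can set it to anything, so only the file's
    own bytes and the extension whitelist are trusted.
    """
    if len(content) > MAX_SIZE:
        raise ValueError("file too large")
    # Only the last suffix counts, lower-cased, so 'shell.php.jpg' is judged
    # by '.jpg' and then still has to pass the magic-byte check as a JPEG.
    ext = Path(filename).suffix.lower()
    if ext not in ALLOWED_TYPES:
        raise ValueError(f"extension {ext!r} not allowed")
    if not any(content.startswith(m) for m in ALLOWED_TYPES[ext]):
        raise ValueError("content does not match declared type")
    return ext


def store_upload(filename: str, content: bytes, upload_dir: str) -> str:
    """Validate and write the file under a random name outside the webroot.
    The original filename is never used on disk, which removes path
    traversal and double-extension tricks; upload_dir is assumed to be
    a directory the web server neither serves nor executes from.
    """
    ext = validate_upload(filename, content)
    base = Path(upload_dir).resolve()
    base.mkdir(parents=True, exist_ok=True)
    dest = base / (secrets.token_hex(16) + ext)
    # Create-new with a restrictive mode so an existing file is never
    # clobbered and the stored file is not executable.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    return str(dest)
```

Note that the magic-byte check does not detect PHP hidden in Exif metadata (fix 5); keeping the stored file outside the webroot is what stops such a payload from ever being executed through a URL.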