AppSecExplained
  • Index < START HERE
    • My courses
    • How to get started from zero
  • 📽️Live Stream Content
    • Resource of the week
  • Discovery / Recon
    • Methodology
    • Content discovery / recon
      • Subdomains
      • Endpoints
      • Parameters
      • Spidering
  • Common vulns
    • SQL injection overview
      • Detection
      • Blind SQLi
      • Second-order SQLi
      • SQLi lab setup & writeups
    • NoSQL injection
    • JavaScript injection (XSS)
      • XSS Methodology
    • File Inclusion
      • Local file inclusion
        • Directory traversal
    • Command injection
    • XXE (XML external entity) injection
      • Blind XXE
    • Template injection
      • Server-side template injection
      • Client-side template injection
    • Authentication
      • Attacking password-based authentication
      • Attacking MFA
      • Authentication lab setup & writeups
    • Cross-Site Request Forgery (CSRF)
    • Insecure deserialization
      • PHP
      • Java
      • Python
      • .NET
    • Server-side request forgery (SSRF)
    • Insecure file upload
    • Clickjacking
    • Open redirect
    • Vulnerable components
    • Race conditions
      • Limit overrun
    • Prototype pollution
      • Client-side prototype pollution
    • APIs
      • API: BOLA
      • API: Broken authentication
      • BOPLA
      • API: BFLA
  • Bypassing controls
    • Rate limiting
    • WAF Bypasses
  • Scripts
    • Docker-compose.yml files
      • Wordpress
      • SQLi testing labs
    • PHP scripts
      • RCE Function Check
    • Wordlists
      • Single characters
      • SQLi
  • Code review
    • Getting started
    • Sinks
  • Links worth your time
    • Practical API Hacking
    • Rana Khalil's Web Security Academy Course
    • Portswigger's Web Security Academy
    • TCM Security Discord
    • PentesterLand Writeups
Powered by GitBook
On this page
  • What is it?
  • Checklist
  • Exploitation

Was this helpful?

  1. Common vulns

Insecure file upload

What is it?

Insecure File Upload vulnerability is when an application allows uncontrolled and unvalidated upload of files. An attacker can exploit this vulnerability to upload malicious files, like web shells, which can lead to code execution, data leakage, or other types of attacks.

A simple example

An application allows users to upload profile pictures without validating the file type and content, or without properly handling the file storage. An attacker can upload a PHP shell script disguised as an image file. When this file is served by the server, the malicious script can be executed.

The impact of insecure file uploads includes:

  • Remote Code Execution (RCE)

  • Data Leakage

  • Server Compromise

Other learning resources:

  • OWASP: https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload

  • Swisskyrepo: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files

Checklist

Exploitation

# Bypass extension filters
# Note: req server misconfig to execute or the ability to rename once it's up
shell.php.jpg

# Null byte injection
shell.php%00.jpg

# Blocklist bypass
shell.php5
shell.phtml
PreviousServer-side request forgery (SSRF)NextClickjacking

Last updated 1 year ago

Was this helpful?