Unrestricted File Upload Vulnerability Bypass in Web Applications

🚨 Vulnerability Reported: Unrestricted file upload vulnerability bypass 🚨

Bounty: $$$

Platform: Synack

I recently discovered a vulnerability involving unrestricted file uploads. 🚩 The target application had an uploader that strictly allowed only image (.png) and PDF (.pdf) files. Attempts to upload files like .exe, .html, and other formats were correctly blocked based on file headers. 📂🛡️
💡 However, I bypassed the restriction using the following steps:
1️⃣ I took a legitimate PDF file and modified it as follows:
```text
%PDF-1.3
1 0 obj
<<

File Upload Worked


MORE MALICIOUS CODE

>
startxref
546
%%EOF
```
2️⃣ I intercepted the upload request and changed the file extension from .pdf to .html.

3️⃣ Surprisingly, the file was uploaded successfully. 🎯

Unfortunately for attackers, the file was not executed on the server and only prompted a download when accessed via the URL.
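
From the defender's side, the control that would have stopped this bypass is a server-side check that ties the file extension to the detected header, refuses HTML markup inside a document body, and serves stored uploads as forced downloads with sniffing disabled (the last point is why the uploaded file only prompted a download here). The code below is an added example, not from the original post or the target application; the helper names and the sample bytes are constructed, and it uses only the Python standard library.

```python
"""Upload validation that checks extension and file header together.
Added example; helper names and sample data are constructed, not from the post."""
import re

# Allow-list: extension -> magic bytes. The uploader only permitted PNG and PDF.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
}
# Coarse heuristic: tags that have no business in an image or PDF body.
# Catches the PDF-header-plus-HTML polyglot described in the post.
HTML_MARKERS = re.compile(rb"<\s*(script|html|body|iframe|svg|img|object)\b", re.IGNORECASE)

def detect_type(data: bytes):
    """Return the extension whose magic bytes match the file header, or None."""
    for ext, magic in ALLOWED.items():
        if data.startswith(magic):
            return ext
    return None

def validate_upload(filename: str, data: bytes):
    """Return (accepted, reason), judging only the bytes received and the
    server-side file name, never the client-supplied Content-Type."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED:                      # step 2 of the post: .html is not on the list
        return False, f"extension {ext or '(none)'} not allowed"
    detected = detect_type(data)
    if detected is None:
        return False, "unknown file header"
    if detected != ext:                         # header and name must agree
        return False, f"header says {detected}, name says {ext}"
    if HTML_MARKERS.search(data):               # step 1 of the post: markup inside a PDF
        return False, "html markup inside a binary document"
    return True, "ok"

def download_headers(stored_ext: str, stored_name: str):
    """Headers for serving a stored upload: fixed type, forced download, no sniffing."""
    mime = {".png": "image/png", ".pdf": "application/pdf"}[stored_ext]
    return {
        "Content-Type": mime,
        "Content-Disposition": f'attachment; filename="{stored_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }

# Constructed sample mirroring the post: a PDF header wrapped around HTML.
POLYGLOT = (b"%PDF-1.3\n1 0 obj\n<<\n<html><body>File Upload Worked</body></html>\n"
            b">>\nstartxref\n546\n%%EOF\n")
```

A production service would replace `detect_type` with a full magic-number library, but the decision logic (extension allow-list, header agreement, body scan, download-only serving) stays the same.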

**Practice Verified Codes and Commands:**