🚨 Vulnerability Reported: Unrestricted file upload vulnerability bypass 🚨
Bounty: $$$
Platform: Synack
I recently discovered a vulnerability involving unrestricted file uploads. 🚩 The target application had an uploader that strictly allowed only image (.png) and PDF (.pdf) files. Attempts to upload files like .exe, .html, and other formats were correctly blocked based on file headers. 📂🛡️
💡 However, I bypassed the restriction using the following steps:
1️⃣ I took a legitimate PDF file and modified it as follows:
[plaintext]
%PDF-1.3
1 0 obj
<<
File Upload Worked
MORE MALICIOUS CODE
>
startxref
546
%%EOF
[/plaintext]
2️⃣ I intercepted the upload request and changed the file extension from .pdf to .html.
3️⃣ Surprisingly, the file was uploaded successfully. 🎯
Unfortunately for attackers, the file was not executed on the server and only prompted a download when accessed via the URL.
**Practice Verified Codes and Commands:**
- Intercepting Upload Requests with Burp Suite: use Burp Suite to intercept the multipart upload request and edit the filename, the Content-Type of the part, and the body before it reaches the server.
[plaintext]
# Start Burp Suite
java -jar burpsuite.jar
[/plaintext]
- Modifying File Headers: use a hex editor to keep a valid magic header (e.g. `%PDF-`) in front of whatever body you want to test.
[plaintext]
# Install hexedit
sudo apt-get install hexedit
# Open the file in hexedit
hexedit malicious_file.pdf
[/plaintext]
- Testing File Upload Vulnerabilities: tools like OWASP ZAP can fuzz the filename, extension and content of upload requests.
[plaintext]
# Start OWASP ZAP
zap.sh
[/plaintext]
- Server-Side File Execution Prevention: configure the web server so uploaded files are never handed to a script handler.
[plaintext]
# Apache configuration to prevent execution in the upload directory
<FilesMatch "\.(php|html|js)$">
    SetHandler None
</FilesMatch>
[/plaintext]
Caveat: `SetHandler None` only stops a module such as PHP from executing the file. Apache will still serve an uploaded `.html` file with `Content-Type: text/html`, which is exactly what lets a PDF/HTML polyglot render in the browser. Store uploads outside the web root, or serve them with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff` so the browser downloads rather than renders them.
**What Undercode Say:**
File upload vulnerabilities are a common issue in web applications, often leading to severe security risks if not properly mitigated. In this case the uploader validated only the leading bytes of the file, so a file that kept a genuine `%PDF-` header but carried HTML in its body passed the check even after its extension was changed to `.html`. The server did not execute the file and the browser was prompted to download it rather than render it, which is why the impact stayed low; had the same file been served with `Content-Type: text/html`, the result would have been stored cross-site scripting on the application's own origin. Even as-is, the host becomes a place to stash malicious files that users may trust because of the domain they come from.
To prevent such vulnerabilities, validation has to happen on the server; client-side checks are a usability feature, not a control. Use an extension allowlist, check that the magic bytes agree with the extension, reject content that does not parse as the claimed type, store the file under a server-generated name, and serve downloads with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff`. Tools like Burp Suite and OWASP ZAP help confirm during testing that each of these checks actually holds.
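The following is an added example, not code from the original write-up or from the target application. It models the header-only check that the bypass steps above describe, next to a hardened validator that applies the server-side rules from the previous paragraph. The sample files (a minimal PDF, a minimal PNG, and a PDF/HTML polyglot) are constructed inline for the demo; the function names and the "active content" marker list are the author's own choices, not a library API.

```python
"""Header-only upload check vs. a hardened check (added example, constructed inputs)."""
import os
import re
import secrets
from typing import Optional, Tuple

# --- Constructed sample files (not the files from the report) ---
REAL_PDF = b"%PDF-1.3\n1 0 obj\n<< /Type /Catalog >>\nendobj\nstartxref\n0\n%%EOF\n"
REAL_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
# Polyglot: a genuine PDF magic header followed by HTML. A magic-byte check
# accepts it; a browser that is told it is text/html will render the HTML.
PDF_HTML_POLYGLOT = (
    b"%PDF-1.3\n"
    b"<html><script>alert(document.domain)</script></html>\n"
    b"%%EOF\n"
)

# Magic bytes -> the extension they imply (assumed allowlist for this demo).
MAGIC = {
    b"%PDF-": ".pdf",
    b"\x89PNG\r\n\x1a\n": ".png",
}
ALLOWED_EXT = {".pdf", ".png"}

# Heuristic markers for browser-interpretable content hidden inside a file.
HTML_MARKERS = re.compile(rb"<\s*(html|script|iframe|svg|body|img|object)\b", re.IGNORECASE)


def sniff_ext(data: bytes) -> Optional[str]:
    """Return the extension implied by the file's magic bytes, or None."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    return None


def naive_check(filename: str, data: bytes) -> bool:
    """What the vulnerable uploader effectively did: trust the magic bytes,
    ignore the user-supplied name and the rest of the body."""
    return sniff_ext(data) is not None


def hardened_check(filename: str, data: bytes) -> Tuple[bool, str]:
    """Accept only when extension, magic bytes and body all agree."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_EXT:
        return False, f"extension {ext!r} not allowed"
    sniffed = sniff_ext(data)
    if sniffed is None:
        return False, "unrecognised file header"
    if sniffed != ext:
        return False, f"extension {ext!r} does not match content type {sniffed!r}"
    # Polyglot defence: a PDF or PNG has no business containing HTML markup.
    if HTML_MARKERS.search(data):
        return False, "active content found inside file"
    return True, "ok"


def stored_name(data: bytes) -> str:
    """Never keep the user-supplied name; the extension comes from the sniffed type."""
    ext = sniff_ext(data)
    if ext is None:
        raise ValueError("unrecognised file header")
    return secrets.token_hex(16) + ext


def download_headers(stored: str) -> dict:
    """Headers to serve an upload with, so the browser downloads instead of rendering."""
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{stored}"',
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    for name, blob in [("report.pdf", REAL_PDF), ("shot.png", REAL_PNG),
                       ("poly.html", PDF_HTML_POLYGLOT), ("poly.pdf", PDF_HTML_POLYGLOT)]:
        print(f"{name:10} naive={naive_check(name, blob)!s:5} hardened={hardened_check(name, blob)}")
```

The marker scan is a heuristic and a real PDF could in principle contain one of those strings in a stream; the defence that does not depend on guessing is `download_headers`, which refuses to let the browser treat the stored bytes as a page at all.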
For further reading on securing file uploads, refer to the following resources:
– OWASP File Upload Cheat Sheet
– Burp Suite Documentation
– OWASP ZAP User Guide
By following best practices and utilizing the right tools, developers can significantly reduce the risk of file upload vulnerabilities in their applications.
References:
Hackers Feeds, Undercode AI