Unrestricted File Upload

Critical

Description

A file upload vulnerability arises when a web server allows users to upload files to its filesystem without any restrictions or validation of things like file content, file type, and size. Failing to apply these restrictions may allow an attacker to upload malicious files to the web server.

Attack Scenario

If an attacker discovers that the upload function doesn't check file types (such as .php, .jsp, .aspx) and the server allows these file types to be executed as code, they can upload a malicious server-side code file that operates as a web shell, giving them full control over the server.

If an attacker discovers that there's no validation, they could overwrite critical files simply by uploading a file with the same name.

If an attacker discovers that the server doesn't check file size, this could lead to a form of denial-of-service (DoS) attack in which the attacker fills the available disk space.

Mitigation

  • Check the file extension against a whitelist of permitted extensions, limited to those necessary for business functionality.
  • Make sure the filename doesn't contain any substrings that may be interpreted as a directory or a traversal sequence (../).
  • Make sure the filename doesn't contain any special characters.
  • Rename uploaded files to avoid collisions that may cause existing files to be overwritten.
  • Limit the file size to a minimum and maximum value in order to prevent denial-of-service attacks.
  • Do not upload files to the server's permanent filesystem until they have been fully validated.
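
The checklist above, combined into a single upload handler. This is an added example, not code from the original page; the allowed extensions, size limits, directory parameters and function names are assumptions to be replaced with values from your own application.

```python
import os
import re
import secrets
import shutil
import tempfile

# Assumed policy values for this example; derive them from business requirements.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".pdf"}
MIN_SIZE, MAX_SIZE = 1, 5 * 1024 * 1024
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9]+")  # exactly one dot, no separators


class UploadRejected(Exception):
    """Raised when an upload fails any validation step."""


def validate_name(client_name):
    """Return the whitelisted extension, or raise if the name is unacceptable."""
    if not SAFE_NAME.fullmatch(client_name):
        raise UploadRejected("filename has separators, traversal or special characters")
    ext = os.path.splitext(client_name)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected("extension not on the whitelist")
    return ext


def store_upload(client_name, stream, staging_dir, upload_dir):
    """Validate in staging_dir, then move into upload_dir under a random name."""
    ext = validate_name(client_name)
    fd, staging = tempfile.mkstemp(dir=staging_dir)  # outside the permanent store
    try:
        size = 0
        with os.fdopen(fd, "wb") as out:
            while chunk := stream.read(64 * 1024):
                size += len(chunk)
                if size > MAX_SIZE:  # stop reading as soon as the cap is exceeded
                    raise UploadRejected("file too large")
                out.write(chunk)
        if size < MIN_SIZE:
            raise UploadRejected("file too small")
        # Server-chosen name: the client name never reaches the path, so no overwrite.
        final = os.path.join(upload_dir, secrets.token_hex(16) + ext)
        shutil.move(staging, final)
        return final
    except BaseException:
        if os.path.exists(staging):
            os.unlink(staging)  # rejected uploads leave nothing behind
        raise
```

The staging directory should sit outside the web root so that a partially written or rejected file can never be requested or executed.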

ID: 40004