File Upload

Study Note: File Uploads in Web Development

  1. Targeting Safe File Types for Uploads:

    • Images: Exploit image processing vulnerabilities or hide malicious code in image metadata.

    • Documents: Embed malicious macros or scripts in .pdf, .docx, .xlsx, .pptx files, especially if macro scanning is weak.

    • Audio/Video: Insert malicious code into media files, exploiting vulnerabilities in media players.

    • Text Files: Manipulate .csv, .json, .xml files to include harmful scripts or malformed data that can trigger vulnerabilities.

  2. Bypassing Security Measures:

    • MIME Type and File Extension Validation: Use file type and extension spoofing to bypass filters.

    • Content Scanning: Upload files with obfuscated or encrypted malicious code to evade antivirus detection.

    • Size Limitations: Compress or split malicious files to fit size limitations.

    • Secure Storage: Exploit directory traversal vulnerabilities to access or execute files stored outside the web directory.

    • Database Tracking: Manipulate or erase database records to avoid detection and tracking.

  3. Exploiting High-Risk File Types for Uploads:

    • Executable and Script Files: Upload .exe, .bat, .jar, .php, .js, .asp, .py files to execute code on the server or client.

    • Macro-Enabled Documents: Create documents with harmful macros to compromise systems.

    • Archives: Package a mix of risky file types in .zip, .rar, .tar files to bypass simple file type checks.

    • Web Files: Embed XSS vectors in .html, .svg, .xml files.

    • System and Configuration Files: Upload .dll, .sys, .htaccess files to alter system configurations.

  4. Circumventing Mitigation Strategies:

    • Rigorous Validation: Identify and exploit weaknesses in server-side validation logic.

    • Antivirus Scanning: Utilize zero-day exploits or rapidly evolving malware to avoid detection.

    • User Awareness: Phish users to upload malicious files themselves.

    • Access Control and Isolation: Identify and exploit vulnerabilities in access control mechanisms or isolation strategies.
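
Seen from the server side, items 2 and 4 above say that an upload check fails when it trusts the client-supplied MIME type, the last extension only, or the client's file name. The following is an added example, not part of the original notes: a validator that decides on size, the full file name, and the leading bytes of the content. The function name, the size limit and both lists are assumptions chosen for illustration.

```python
import os
import re
import secrets

MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for this example
# Allowlist: extension -> leading bytes the content must start with.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}
# Extensions that must not appear anywhere in the name (catches "shell.php.png").
BLOCKED_PARTS = {"php", "phtml", "asp", "aspx", "jsp", "exe", "bat", "jar",
                 "js", "py", "dll", "sys", "htaccess", "html", "svg"}


def validate_upload(client_name: str, data: bytes) -> str:
    """Return a server-generated storage name, or raise ValueError."""
    if len(data) == 0 or len(data) > MAX_BYTES:
        raise ValueError("size outside allowed range")
    # Reject path components and control characters instead of trying to clean them.
    if (client_name != os.path.basename(client_name) or "\\" in client_name
            or re.search(r"[\x00-\x1f]", client_name)):
        raise ValueError("path or control characters in file name")
    parts = client_name.lower().split(".")
    if len(parts) < 2 or any(p in BLOCKED_PARTS for p in parts[1:]):
        raise ValueError("blocked or missing extension")
    ext = "." + parts[-1]
    signatures = ALLOWED.get(ext)
    if signatures is None:
        raise ValueError("extension not on allowlist")
    # The client-supplied Content-Type is ignored; the bytes decide.
    if not data.startswith(signatures):
        raise ValueError("content does not match extension")
    # Never reuse the client name on disk: random name, allowlisted extension.
    return secrets.token_hex(16) + ext
```

A matching signature does not prove the rest of the file is harmless, so image uploads are usually re-encoded as well, and the returned name should be written to a directory outside the web root that the server never executes from.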


Last updated 1 year ago