How to fix file upload vulnerability of web applications | Web pentesting | VAPT Pentesting Services | cyber security whitepapers | Pune Mumbai Hyderabad Delhi Bangalore Ahmedabad Kolkata India Dubai Bahrain Qatar Kuwait Singapore Australia USA UK Germany Croatia Botswana Mauritius

What is the impact of this attack?

Once the attacker is successful in uploading a malicious file to the webserver or database and later when that uploaded file gets executed on webserver or database. The hacker can either gain administrative rights on webserver or if hacker has uploaded a .js or .php reverse-shell script then this may lead to unauthorized access to local files as well as system, gaining control over the server or deletion of records, etc.

If the file that is uploaded has the same filename and extension as an existing file on the server, the newly uploaded file may overwrite the previous file. If the attacker succeeds in overwriting a system file, the new file can be used to launch a potentially harmful server-side attack. This may allow the attacker to manipulate the security and privacy settings of the server or stop the functioning of the server entirely.

File upload sometimes restricts the user with a certain file size. If the attacker is able to manipulate the file-size restriction, using an hacking tool, then he might cause a Buffer-overflow or DoS (Denial of Service) attack by uploading an extremely large file size to crash the webserver.

How to secure your system against such attacks?

White-listing : You can white-list the allowed file extensions so as to filter-out the malicious scripts or other executable file on both i.e. client as well a server side

Client and Server-side verification of uploaded file: Verifying the filename and extension being uploaded for the allowed formatfrom the client-side is the same as the one being saved on the server-side will ensure that attacker is not able to intercept the request and change the filename or extension.

Restricting the name-length and file-size: Imposing restrictions on the name-length and file size will help to prevent a DoS attack.

Storage location of the uploaded files : The files uploaded by the user should be stored in a separate directory outside the Webroot or the public directory of the website. This will ensure that even if the attacker succeeds in uploading a malicious file, he will not be able to execute it using a web URL.

Error Handling for Wrong File Upload: While displaying errors for wrong file uploads, directory paths should be excluded so that the attacker does not gain access to the server using directory traversal attacks.

Scanning the files for malware and other malicious content : All uploaded files should be scanned for malware and other malicious scripts before saving them to the desired location.