Many websites allow users to upload a profile photo, and sometimes other documents as well: a resume and educational certificates on a university site, or address proofs, identity proofs and financial documents on a banking site. Such file upload fields should accept only the file types the application actually expects, for example .png and .jpg for photos or .docx and .pdf for documents.
However, when these checks are missing or weak, an attacker may be able to upload executable content such as .js, .php or .exe files. A common bypass is a double extension such as filename.exe.pdf or filename.php.docx: the attacker appends the expected extension to a malicious script so that a naive check on the file name passes. Double extensions matter because some server configurations (for example Apache with mod_mime and an AddHandler directive for PHP) decide how to handle a file from any of its extensions, not only the last one. If a user is able to upload any file type other than the expected extensions, the weakness is reported as a 'Vulnerable File Upload' (unrestricted file upload) vulnerability.
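The following validation routine is an added example written for this page, not code from the original article. It assumes a web application that accepts only .png, .jpg, .docx and .pdf uploads (the ALLOWED_EXTENSIONS set, MAGIC signatures and DANGEROUS_EXTENSIONS list are illustrative choices). It rejects disallowed extensions, double extensions that hide a server-side or client-side executable extension, null bytes in the name, and content whose leading bytes do not match the claimed type:

```python
import os

# Illustrative whitelist: only the last extension of the file name is compared
# against it, and comparison is case-insensitive ("SHELL.PHP" is still .php).
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "pdf", "docx"}

# Extensions that a web server or OS may execute even when they are not the
# final one ("shell.php.docx"), or that run in a victim's browser when served.
DANGEROUS_EXTENSIONS = {
    "php", "php3", "php4", "php5", "phtml", "phar", "jsp", "asp", "aspx",
    "js", "html", "htm", "svg", "exe", "sh",
}

# Leading bytes (magic numbers) expected for each allowed extension.
MAGIC = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "pdf": [b"%PDF-"],
    "docx": [b"PK\x03\x04"],  # OOXML documents are zip containers
}


def validate_upload(filename, data):
    """Return (True, extension) if the upload is acceptable, else (False, reason).

    `filename` is the name supplied by the client, `data` the raw file bytes
    (or at least the first few bytes). Only the extension is returned; the
    client's file name must never be reused as the name stored on disk.
    """
    if "\x00" in filename:
        # Null bytes truncate the name in some C-based libraries ("x.pdf\0.php").
        return False, "null byte in filename"

    # Strip any directory component the client sent, on both separators.
    base = os.path.basename(filename.replace("\\", "/"))
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        return False, "missing extension"

    ext = parts[-1]
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension .{ext} not allowed"

    # Inner segments of a multi-dot name ("report.final.pdf" is fine,
    # "shell.php.docx" is not).
    hidden = set(parts[1:-1]) & DANGEROUS_EXTENSIONS
    if hidden:
        return False, f"double extension with .{sorted(hidden)[0]}"

    if not any(data.startswith(sig) for sig in MAGIC[ext]):
        return False, f"content does not look like .{ext}"

    return True, ext
```

The magic-byte check catches a PHP script renamed to resume.pdf, but it is a sanity check, not a guarantee: a polyglot file that is both a valid image and a PHP script passes it. The extension check must therefore be combined with storing uploads where the server will never execute them, and with a server-generated file name.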
Once the attacker has uploaded a malicious file to the web server and that file is later executed there, the consequences depend on what was uploaded. A .php web shell or reverse-shell script runs with the privileges of the web server process and gives the attacker command execution: unauthorized access to local files and the underlying system, control of the server (administrative rights if the web server itself runs with them), or deletion of records. An uploaded .js or .html file that the site later serves back to other visitors instead runs in their browsers, which turns the upload into a stored cross-site scripting vector.
If the uploaded file has the same name and extension as an existing file on the server, the new file may overwrite the old one. If the file name is used unsanitized, directory traversal sequences such as ../ in it can place the file outside the upload directory, and typical targets are configuration files such as .htaccess or the application's own scripts. If the attacker succeeds in overwriting such a file, the new content can be used to launch a server-side attack: manipulating the security and privacy settings of the server, or stopping it from functioning entirely.
Upload forms often restrict the user to a certain file size. If that limit is enforced only on the client side (a JavaScript check or a hidden form field), an attacker can bypass it with an intercepting proxy and upload an extremely large file, or many of them, to exhaust disk space or memory and crash the web server, a Denial of Service (DoS) attack. An oversized file can also trigger a buffer overflow in a native component that parses the upload, if that component assumes a bounded size. The limit must therefore be enforced on the server, by counting the bytes as they arrive rather than trusting the client's Content-Length header.
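The storage routine below is an added example written for this page, not code from the original article; it covers the overwrite and traversal problem of the previous paragraph and the size limit of this one. It assumes the upload was already validated and that only the validated extension is passed in: the stored name is generated with a random token, the file is created with O_EXCL so an existing file can never be overwritten, and the size limit (the 5 MiB MAX_UPLOAD_BYTES value is illustrative) is enforced on the bytes actually received. The upload_dir argument is assumed to be outside the web root, so nothing stored there is ever served or executed as a script:

```python
import io
import os
import secrets
import tempfile

MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # illustrative 5 MiB limit
CHUNK = 64 * 1024


class UploadTooLarge(Exception):
    """Raised when the received bytes exceed the configured limit."""


def store_upload(stream, extension, upload_dir, max_bytes=MAX_UPLOAD_BYTES):
    """Stream an upload to a fresh, randomly named file and return that name.

    `stream` is any object with a read(n) method (e.g. the request body),
    `extension` is the already validated extension, `upload_dir` a directory
    outside the web root. The client's file name is never used, so neither
    path traversal nor collisions with existing files are possible. If the
    limit is exceeded the partial file is removed and UploadTooLarge raised.
    """
    os.makedirs(upload_dir, mode=0o700, exist_ok=True)
    name = f"{secrets.token_hex(16)}.{extension}"
    path = os.path.join(upload_dir, name)

    # O_EXCL makes open() fail instead of silently overwriting an existing
    # file; 0o600 keeps the upload readable by the application user only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    written = 0
    try:
        with os.fdopen(fd, "wb") as out:
            while True:
                chunk = stream.read(CHUNK)
                if not chunk:
                    break
                written += len(chunk)
                # Count real bytes; a client-supplied Content-Length can lie.
                if written > max_bytes:
                    raise UploadTooLarge(f"upload exceeds {max_bytes} bytes")
                out.write(chunk)
    except BaseException:
        os.unlink(path)  # never leave a partial or rejected file behind
        raise
    return name


def demo():
    """Constructed demonstration: store a small fake PDF, then reject an
    oversized one against a 1 KiB limit. Returns the observable results."""
    upload_dir = tempfile.mkdtemp(prefix="uploads-")
    stored = store_upload(io.BytesIO(b"%PDF-1.7 hello"), "pdf", upload_dir)
    try:
        store_upload(io.BytesIO(b"A" * 2048), "pdf", upload_dir, max_bytes=1024)
        rejected = False
    except UploadTooLarge:
        rejected = True
    return {
        "stored_name": stored,
        "stored_size": os.path.getsize(os.path.join(upload_dir, stored)),
        "oversized_rejected": rejected,
        "files_on_disk": len(os.listdir(upload_dir)),
    }
```

When the file later has to be served back (a profile photo, for instance), the application should read it from upload_dir and send it with a Content-Type derived from the validated extension plus a Content-Disposition header, rather than exposing the directory through the web server.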