SAINTCON 2023 - Jeff Doty - File Upload Attacks Methodology

Explore file upload attack methodology, including identifying vulnerabilities, file name and content type manipulation, and defense evasion techniques, to uncover how hackers can achieve remote code execution.

Key takeaways

  • File uploads are a common vulnerability in web applications, and can be used to achieve remote code execution.
  • Understanding what types of files a web app accepts, and how it handles file uploads, is crucial in identifying potential vulnerabilities.
  • File name manipulation can be used to bypass certain defenses, such as checking file extensions.
  • Content type manipulation can also be used to bypass defenses, and can be used to upload files with unexpected types, such as executable files.
  • LFI (Local File Inclusion) vulnerabilities can be used to read the contents of files on the web server, and can be used to execute OS commands.
  • PHP files can be used to execute code on the web server, and can be used to achieve remote code execution.
  • PDF and SVG files can also be used to execute code on the web server, and can be used to achieve remote code execution.
  • Fuzzing can be used to identify vulnerabilities in file upload functionality.
  • Using tools like Burp Upload Scanner can help identify potential vulnerabilities in file upload functionality.
  • Defense evasion techniques, such as using double extensions and path traversal, can be used to bypass certain defenses.
  • Server-side request forgery (SSRF) can be used to make the web server issue requests on the attacker's behalf, and can be chained to achieve remote code execution.
  • Understanding how the web app processes file uploads, and what types of files it accepts, is crucial in identifying potential vulnerabilities.
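The takeaways above name the bypasses a file upload handler has to survive: double extensions, path traversal in the file name, and a Content-Type header that does not match the bytes actually sent. The validator below is an added example (not code from the talk or its speaker) showing one defensive layering that closes all three: a strict single-extension filename pattern, a per-extension allowlist of Content-Type plus magic bytes, and a server-generated storage name so the client never controls where or under what name the file lands. The allowlist contents, size limit and function name are assumptions chosen for illustration.

```python
import os
import re
import secrets

# Allowlist: extension -> (required Content-Type, magic bytes the body must start with).
# Only image types are accepted; PHP, PDF and SVG are rejected by omission.
# (Constructed for this example; tune to what the application actually needs.)
ALLOWED = {
    "png":  ("image/png",  b"\x89PNG\r\n\x1a\n"),
    "jpg":  ("image/jpeg", b"\xff\xd8\xff"),
    "jpeg": ("image/jpeg", b"\xff\xd8\xff"),
    "gif":  ("image/gif",  b"GIF8"),
}

# Exactly one extension and a restricted character set: "shell.php.png",
# "a.png/../x", "x.png\x00.php" and similar never match.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})$")

MAX_BYTES = 5 * 1024 * 1024  # assumed size cap


def validate_upload(filename, content_type, data):
    """Check one upload. Returns (accepted, reason, stored_name).

    stored_name is a server-chosen random name; the client-supplied
    filename is used only for the extension check, never on disk.
    """
    # 1. Path traversal / null byte: only a bare file name is acceptable.
    if "\x00" in filename or ".." in filename or filename != os.path.basename(filename):
        return False, "path traversal or null byte in filename", None

    # 2. Single extension, safe characters (defeats double-extension tricks).
    m = SAFE_NAME.match(filename)
    if not m:
        return False, "filename not in allowed form", None
    ext = m.group(1).lower()
    if ext not in ALLOWED:
        return False, f"extension .{ext} not allowed", None
    expected_ct, magic = ALLOWED[ext]

    # 3. Declared Content-Type must agree with the extension (parameters such
    #    as "; charset=..." are ignored for the comparison).
    ct = content_type.split(";")[0].strip().lower()
    if ct != expected_ct:
        return False, f"content type {ct!r} does not match .{ext}", None

    # 4. Size limit, then the bytes themselves must look like the claimed type.
    if len(data) > MAX_BYTES:
        return False, "file too large", None
    if not data.startswith(magic):
        return False, "file content does not match declared type", None

    # 5. Never store under the client's name; pick a random one with the vetted extension.
    stored = f"{secrets.token_hex(16)}.{ext}"
    return True, "ok", stored


if __name__ == "__main__":
    # Constructed sample inputs: one valid PNG body and a few shapes of bad upload.
    png_body = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    samples = [
        ("cat.png", "image/png", png_body),
        ("shell.php.png", "image/png", png_body),
        ("../../var/www/html/x.png", "image/png", png_body),
        ("cat.png", "image/png", b"<?php echo 1; ?>"),
        ("cat.png", "application/x-php", png_body),
    ]
    for name, ct, body in samples:
        print(name, ct, "->", validate_upload(name, ct, body)[:2])
```

The magic-byte check is deliberately the last gate: it only proves the prefix looks like an image, so it is not a substitute for the extension and Content-Type checks (a polyglot can carry a valid PNG header and a script payload further in). The storage-name step is what removes the remaining value of a smuggled payload, since nothing the attacker chose decides how the server later interprets the file.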