File Upload

Description

During the scan, Kayran found that uploading files to the server is enabled.

An attacker can abuse the file upload mechanism to upload malicious files, including webshells and trojans, to the server. In some cases, attackers can use the infected website to store malicious files in order to spread them further.

File upload vulnerabilities occur whenever the server accepts a file without validating it properly, or when no restrictions are enforced on the server.

Recommendation

Make sure that files are accepted only in the formats you have defined for them, and that they are checked on the server side against both their file extensions and their signatures.
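One way to implement the server-side extension and signature check recommended above, as an added Python example that is not Kayran's code. The allowlist, the size limit and the function name validate_upload are assumptions chosen for illustration.

```python
import os

# Assumed allowlist: extension -> magic-byte prefixes a genuine file starts with.
ALLOWED = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".pdf": [b"%PDF-"],
}
MAX_BYTES = 5 * 1024 * 1024  # assumed upload size limit


def validate_upload(filename, data):
    """Return (ok, reason) for an upload, using only server-side checks."""
    # Discard any client-supplied directory part (both separator styles).
    name = os.path.basename(filename.replace("\\", "/")).lower()
    if not name or "\x00" in name:
        return False, "invalid filename"
    if len(data) > MAX_BYTES:
        return False, "file too large"

    stem, ext = os.path.splitext(name)
    if ext not in ALLOWED:
        return False, "extension not allowed"
    # Reject names such as "shell.php.jpg": some server configurations
    # act on an inner extension even when the last one looks harmless.
    if "." in stem:
        return False, "multiple extensions"
    # The content must begin with a signature registered for this extension;
    # the client-sent Content-Type header is never consulted.
    if not any(data.startswith(sig) for sig in ALLOWED[ext]):
        return False, "signature mismatch"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads, not taken from a real scan.
    samples = [
        ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
        ("shell.php", b"<?php echo 1; ?>"),
        ("shell.png", b"<?php echo 1; ?>"),
        ("shell.php.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ]
    for fname, body in samples:
        print(fname, validate_upload(fname, body))
```

A file that passes should still be stored under a server-generated name, outside any directory from which the web server executes scripts.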

References

https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload
