User want facility to upload the file. An attacker take the privilege of this facility to upload the malicious file. It have potential to get malware attack or malicious code. Attacker is aim to execute the malicious code in website. This vulnerability is high severity level.
Attacking in a website through the upload file which contain malicious code it may create some issue:-
· System takeover could happen entirely
· Overloading of a database or a file system could occur
· Back-end systems could even become attacked by such malicious code
· Attacks against clients are also possible
· Simple defacement could be the result as well
· In fact, the effect and its hazardous aspects fundamentally vary according to the application’s reaction towards the file and the place where it stores the file essentially
There are two ways to attack file upload.
1. It involve to type of upload file. The file name is already exit it overwrite the existing file. It is generated some metadata like, path, file name which is provided by HTTP encoding. Malicious data may be overwrite the critical file or bad location. For ex, Attacker upload a file on root folder with the name of…/…//index.php.
2. Attacker can be attacked by malicious file upload involves the content of the uploaded file. The uploaded file could contain malicious code in the form of an exploit, virus, Trojan or malware, which could be used to gain control of the Web server. For example, it is possible to hide PHP code inside an image file and still have it appear to be an image. When the image is opened, it also executes the code hidden in the file.
Attacks on application platform
· Upload .jsp file into web tree - jsp code executed as the web user
· Upload .gif file to be resized - image library flaw exploited
· Upload huge files - file space denial of service
· Upload file using malicious path or name - overwrite a critical file
· Upload file containing personal data - other users access it
· Upload file containing "tags" - tags get executed as part of being "included" in a web page
· Upload .rar file to be scanned by antivirus - command executed on a server running the vulnerable antivirus software
Attacks on other systems
· Upload .exe file into web tree - victims download trojaned executable
· Upload virus infected file - victims' machines infected
· Upload .html file containing script - victim experiences Cross site scripting (XSS).
· Upload .jpg file containing a Flash object - victim experiences Cross-site Content Hijacking.
Solution
Create a white list for accepting MIMIE types. NEVER use a blacklist technique.
Can’t access though the Internet.
Define a .htaccess file that will only allow access to files with allowed extensions.
Do not place the .htaccess file in the same directory where the uploaded files will be stored.
The application should use a whitelist of allowed file types. This list determines the types of files that can be uploaded, and rejects all files that do not match approved types.
The application should use client- or server-side input validation to ensure evasion techniques have not been used to bypass the whitelist filter.
The application should set a maximum length for the file name, and a maximum size for the file itself.
The directory to which files are uploaded should be outside of the website root.
All uploaded files should be scanned by antivirus software before they are opened.
The application should not use the file name supplied by the user. Instead, the uploaded file should be renamed according to a predetermined convention.
Comments