HTML tutorial русский HTML tutorial english HTML tutorial عربي
0 0
Read Time:2 Minute, 57 Second

upload vulnerability is one of the most important things you need to check in your website.

having these kind of exploits is so dangerous because the attackers well upload backdoors to your server using your upload scripts .

lets say you have a contact us page or a website with members and any registered user can upload an avatar or photo

upload a backdoor script to your website using your upload scripts is the first thing attackers will try

you will think that your script only allow photos file formats to be uploaded but there is so many several ways to bypass that .

for example attackers can upload a php backdoor in .jpg format and while the backdoor.php.jpg file is uploading they edit the http headers using several software’s

this software will send a the edited packet to your server and fool your script !

one of the software’s is burp suite

Burp Suite is a leading range of cybersecurity tools, brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research.

upload vulnerability

we will talk more about upload vulnerability and how to find and fix it using burpsuite

in other ways there is some servers that will run several formats as php !

for example : the script in the site is only allow you to upload .gif file format . what attackers do is uploading for example backdoor.php.gif5 file , and some servers run this file as PHP script  !!!!

the problem is the script not fully secure , the script analyses the file and see .gif and seems to be okay

there is an example for an upload exploit using this kind of ways here 

there is professional ways to test your site and see if you have the upload vulnerability

I RECOMEND YOU to talk to web security professional , but you can try some ways on your own

lets say your site have a members , and in the member profile  page any member can upload a photo as a profile picture ,

go there and try to upload text file , if the file uploaded successfully , that means you have a dangerous  upload vulnerability  in your website

you can do small step to secure it while you calling a security professional to fix if you using apache server

the thing you can do is to go to you cpanel and upload .htaccess file in you upload direction

.htaccess (hypertext access) is a hidden file used to configure additional features for websites hosted on Apache Web Server. With it, you can rewrite URL, password-protect directories, enable hotlink protection, disallow access to specific IP addresses, change your website’s time zone or alter default index page, and much more.

.htaccess is a hidden file so in your cpanel file manager check see hidden files  to see if you already have .htaccess there

upload vulnerability

go to the upload direction : the direction that your script store your members photos and avatar ,

how to find the direction ?

go to any member page of your page and right click the avatar photo for example and chose image link and browse it in new tap

you will have like this example www.yourwebsite.com/uploads/members/

go there and make .htaccess file and put this lines on it

<Files ~ "\.(jpg|jpeg|png|gif)$">
   order deny,allow
   allow from all
</Files>

 remember that this way is good as temporary fix , you should do it and call web security professional

this way help you temporary fix it

read more about web security here

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %

Average Rating

5 Star
0%
4 Star
0%
3 Star
0%
2 Star
0%
1 Star
0%

One thought on “understanding the upload vulnerability and how to fix and secure your site

Leave a Reply

Your email address will not be published. Required fields are marked *

Close