blob: 98f0a851ac20bac46270f1f5c01d544211cbd4db (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
|
## Exploit
1. In the page to upload images there is no input validation of files uploaded by the user beyond checking for the `Content-Type` header.
1. Upload `yourMom.exe` with `upload.bash`. It will be accepted and the flag printed.
## Fix
- [https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/09-Test_Upload_of_Malicious_Files]()
- [https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/08-Test_Upload_of_Unexpected_File_Types?utm_source=chatgpt.com]()
Input validation for file is very complicated but should go beyond only checking the `Content-Type` header, for example the file extension, or the file content (magic pattern, content pattern etc). Here is a more complete [cheatsheet for file upload from OWASP](https://cheatsheetseries.owasp.org/cheatsheets/File_Upload_Cheat_Sheet.html).
Even legitimate files might have malicious content!
|
