Unrestricted File-Upload
How it works?
A hacker is able to create a malicious PHP file using msfvenom and upload it to a vulnerable server and gain full access, hackers can
- Search for files
- Upload files
- Download files
- Run post exploitation scripts
- execute commands
- Enter a shell
- Replace files
- Upload backdoors
And lots more.
How To Prevent Remote File Upload Vulnerabilities
- Only allow specific file extensions.
- Only allow authorized and authenticated users to use the feature.
- Check any file fetched from the Web for content. Make sure it is actually an image or whatever file type you expect.
- Serve fetched files from your application rather than directly via the web server.
- Store files in a non-public accessibly directory if you can.
- Write to the file when you store it to include a header that makes it non-executable.
Demonstration
If you have any questions please comment below.