File Upload

A file upload vulnerability occurs when a web application accepts uploaded files without proper validation. A malicious file can then be uploaded and executed on the server, leading to unauthorized access, data breaches, or system compromise.

Extensions

  • PHP: .php, .php2, .php3, .php4, .php5, .php7, .pht, .phpt, .phtm, .phtml, .phps, .phar, .hphp, .module, .inc, .ctp

  • ASP: .asp, .aspx, .config, .ashx, .asmx, .aspq, .axd, .cshtm, .cshtml, .rem, .soap, .vbhtm, .vbhtml, .asa, .cer, .shtml

  • JSP: .jsp, .jspx, .jsw, .jsv, .jspf, .wss, .do, .action

  • ColdFusion: .cfm, .cfml, .cfc, .dbm

  • Flash: .swf

  • Perl: .pl, .pm, .cgi, .lib

  • Node.js: .js, .json, .node

Filter Bypass

  1. Uppercase letters: .pHp, .pHP5, .PhAr

  2. Double extension:

    • .png.php

    • .gif.php

  3. Null byte:

    • .php%00.gif

    • .php\x00.gif

  4. Special chars:

    • file.php%20

    • file.php%0a

    • file.php%0d%0a

    • file.php/

    • file.php.\

    • file.php....

  5. Content-Type:

    • Content-Type: image/gif

    • Content-Type: image/png

    • Content-Type: image/jpeg

  6. Magic numbers:

    • GIF: GIF8;

    • PNG: \x89PNG\r\n\x1a\n\0\0\0\rIHDR\0\0\x03H\0\xs0\x03[

    • JPG: \xff\xd8\xff
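
A server-side check that rejects the name tricks listed above and ignores the client-supplied Content-Type, as an added example that is not part of the original page. It assumes an image-only upload policy; `validate_upload`, `storage_name` and the sample file names are hypothetical.

```python
import re
import secrets

# Assumed policy for this example: image uploads only.
# Extension -> leading bytes the content must start with.
ALLOWED = {
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
}
# Exactly one dot; no NUL, '%', space, CR/LF, slash, backslash or trailing dots.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,5}")


def validate_upload(filename, data):
    """Return (accepted, detail). The client's Content-Type is never consulted."""
    if not SAFE_NAME.fullmatch(filename):
        return False, "name outside allow-list pattern"
    ext = filename.rsplit(".", 1)[1].lower()  # compare case-insensitively
    if ext not in ALLOWED:
        return False, "extension not allowed"
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension"
    return True, ext


def storage_name(ext):
    """Server-generated name: nothing from the client reaches the stored path."""
    return secrets.token_hex(16) + "." + ext


# Constructed samples mirroring the name patterns listed above.
GIF = b"GIF89a" + b"\x00" * 8
SAMPLES = [
    ("avatar.GIF", GIF), ("shell.pHp", GIF), ("shell.png.php", GIF),
    ("shell.php\x00.gif", GIF), ("shell.php%00.gif", GIF), ("shell.php ", GIF),
    ("shell.php\n", GIF), ("shell.php/", GIF), ("shell.php....", GIF),
    ("photo.png", GIF),
]


def run_samples():
    """Map each sample name to True (accepted) or False (rejected)."""
    return {name: validate_upload(name, data)[0] for name, data in SAMPLES}


if __name__ == "__main__":
    for name, ok in run_samples().items():
        print(f"{name!r:24} {'accept' if ok else 'reject'}")
```

Leading bytes can be prepended to any content, so the magic-number test only catches mismatches. Store accepted files under `storage_name()` in a location the web server does not execute from.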

References

https://book.hacktricks.xyz/pentesting-web/file-upload

https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files
