File Upload
A file upload vulnerability occurs when a web application accepts user-uploaded files without proper validation. Malicious files can then be uploaded and executed on the server, leading to unauthorized access, data breaches, or system compromise.
Extensions
PHP
ASP
JSP:
.jsp, .jspx, .jsw, .jsv, .jspf, .wss, .do, .action
Coldfusion:
.cfm, .cfml, .cfc, .dbm
Flash:
.swf
Perl:
.pl, .pm, .cgi, .lib
Node.js:
.js, .json, .node
Filter Bypass
Uppercase letters:
.pHp, .pHP5, .PhAr
Double extension:
.png.php
.gif.php
Null byte:
.php%00.gif
.php\x00.gif
Special chars:
file.php%20
file.php%0a
file.php%0d%0a
file.php/
file.php.\
file.php....
Content-Type:
Content-Type: image/gif
Content-Type: image/png
Content-Type: image/jpeg
Magic numbers:
GIF:
GIF8;
PNG:
\x89PNG\r\n\x1a\n\0\0\0\rIHDR\0\0\x03H\0\xs0\x03[
JPG:
\xff\xd8\xff
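A server-side check that holds up against the filter bypasses listed above, as an added example (not from the original page or its references). It assumes an images-only upload policy; `validate_upload`, `accepted`, `ALLOWED` and `SAFE_NAME` are names chosen for this example.

```python
import re
import uuid
from urllib.parse import unquote

# Assumed policy for this example: the application accepts images only.
# Extension -> full leading signatures (not just a short prefix like "GIF8").
ALLOWED = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
# One stem, one dot, one extension: no spaces, control bytes, slashes or extra dots.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)")


def validate_upload(client_name, declared_type, content):
    """Return a server-generated storage name, or raise ValueError."""
    # declared_type (the request's Content-Type) is client-controlled and
    # is deliberately never consulted.
    name = unquote(client_name)  # expose %00, %20, %0a, %0d%0a as raw characters
    match = SAFE_NAME.fullmatch(name)
    if not match:
        raise ValueError("filename has unexpected characters or structure")
    ext = match.group(1).lower()  # .pHp / .PhAr compare as .php / .phar
    if ext not in ALLOWED:
        raise ValueError("extension is not on the allowlist")
    if not content.startswith(ALLOWED[ext]):
        raise ValueError("content does not match the extension's signature")
    # A valid signature does not prove the rest of the file is harmless, so the
    # client's name is discarded and the file is stored under a generated one.
    return uuid.uuid4().hex + ext


def accepted(client_name, declared_type, content):
    """Boolean wrapper around validate_upload for quick checks."""
    try:
        validate_upload(client_name, declared_type, content)
        return True
    except ValueError:
        return False
```

Store the accepted files outside the web root, or in a directory where the server has no script handlers enabled, so that a file which passes the signature check is still never interpreted.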