I created a vulnerable upload app to demonstrate the principles or web security through upload vulnerabilities and validation.
Here is a screencap below of the straightforward code required to perform this exercise:
Once you have a server side script on their server the possibilities are practically endless. Your script could be as simple as retrieving the structure of the files on the server and then creating more scripts which specifically target individual scripts which you just learned the names of. Once an attacker knows the name of at least one file on the server, they could have the potential to uncover all credentials and access any database information they wish to. It is important to understand, that just because one file's contents aren't necessarily a priority for you to keep private, it does not mean that you shouldn't take as much precaution with those files as the others because one vulnerability could open up access to the server as a whole.
The application I experimented with (with the code above) which looks like the screenshot below, made it possible for me to pull down any files I wanted from the webspace it was placed on simply due to the lack of validation. And despite the fact that this upload page didn't have any confidential information, many of the other pages included FTP and Database login information that would not be intended for the public's eyes.
One easier way to preventing executable files from being able to be run on your server is to make sure file permissions are set to read and write only and not execute for any scripts that involve uploading content.
No comments:
Post a Comment