Insecure File Upload # 2
This lab shows step-by-step how to exploit a File Upload vulnerability in the Damn Vulnerable Web Application (DVWA) in order to run arbitrary system commands on the host serving the vulnerable web application. Throughout this lab, the Security Level of the DVWA is set to MEDIUM.
In this scenario, the application allows users to upload files, and the only validation it performs is to check that the Content-Type the client declares for the uploaded file (the Content-Type header of the file part inside the multipart/form-data request body, which PHP exposes as the "type" entry of $_FILES) is either image/jpeg or image/png. Because that value is supplied by the client, it can be set to anything with an intercepting proxy, regardless of what the file actually contains. This scenario highlights that this approach is not sufficient to prevent malicious file uploads.
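The following Python, added here as an illustration and not taken from the lab page or from DVWA's own source, models the check the scenario describes. It builds a multipart/form-data body the way a browser or an intercepting proxy user would, parses it into the fields a server sees (name, client-declared Content-Type, raw bytes), and then applies two checks: the weak one that trusts the declared Content-Type, and a hardened one that ignores it and verifies the extension and file signature instead. The boundary, field names, filenames and file contents are constructed for the example.

```python
"""Added example (not DVWA's code): why a Content-Type-only upload check fails.

Everything below (boundary, field names, file contents) is constructed for
illustration; the check functions model the behaviour the lab describes.
"""
import re

BOUNDARY = b"----ExampleBoundary7MA4YWxkTrZu0gW"  # constructed

# Allow-list the weak check consults, and the file signatures the hardened
# check requires for each permitted extension.
ALLOWED_TYPES = ("image/jpeg", "image/png")
MAGIC = {"png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff"}


def build_multipart(boundary, parts):
    """Build a multipart/form-data body as a client would.

    Each part is (field_name, filename, content_type, data); filename and
    content_type are None for plain form fields.
    """
    out = b""
    for name, filename, ctype, data in parts:
        out += b"--" + boundary + b"\r\n"
        disp = b'Content-Disposition: form-data; name="' + name.encode() + b'"'
        if filename is not None:
            disp += b'; filename="' + filename.encode() + b'"'
        out += disp + b"\r\n"
        if ctype is not None:
            # Written by the client: nothing ties this header to the bytes
            # that follow it, which is exactly what the weak check trusts.
            out += b"Content-Type: " + ctype.encode() + b"\r\n"
        out += b"\r\n" + data + b"\r\n"
    return out + b"--" + boundary + b"--\r\n"


def parse_multipart(body, boundary):
    """Minimal server-side parse into what PHP exposes per upload in $_FILES:
    field name, filename, client-declared type, and the raw file bytes."""
    parts = []
    for chunk in body.split(b"--" + boundary):
        if not chunk.startswith(b"\r\n"):
            continue  # preamble before the first boundary, or the closing "--"
        chunk = chunk[2:]
        if chunk.endswith(b"\r\n"):
            chunk = chunk[:-2]
        raw_headers, _, data = chunk.partition(b"\r\n\r\n")
        headers = {}
        for line in raw_headers.split(b"\r\n"):
            key, _, value = line.decode().partition(":")
            headers[key.strip().lower()] = value.strip()
        disp = headers.get("content-disposition", "")
        name = re.search(r'\bname="([^"]*)"', disp)
        fname = re.search(r'\bfilename="([^"]*)"', disp)
        parts.append({
            "name": name.group(1) if name else None,
            "filename": fname.group(1) if fname else None,
            "type": headers.get("content-type", "text/plain"),  # part default per RFC 7578
            "data": data,
        })
    return parts


def weak_check(part):
    """The check this lab targets: trust the client-declared Content-Type."""
    return part["type"] in ALLOWED_TYPES


def hardened_check(part):
    """Ignore the declared type; require an allow-listed extension and a
    matching file signature. Re-encoding the image and storing it outside
    the web root are further measures not modelled here."""
    filename = part["filename"] or ""
    if "/" in filename or "\\" in filename or "." not in filename:
        return False
    ext = filename.rsplit(".", 1)[1].lower()
    return ext in MAGIC and part["data"].startswith(MAGIC[ext])


# Constructed requests: PHP source declared as a PNG, and a genuine PNG header.
FORGED_UPLOAD = build_multipart(BOUNDARY, [
    ("uploaded", "shell.php", "image/png", b"<?php echo 'php ran'; ?>"),
    ("Upload", None, None, b"Upload"),
])
REAL_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # truncated PNG, constructed
LEGIT_UPLOAD = build_multipart(BOUNDARY, [
    ("uploaded", "photo.png", "image/png", REAL_PNG),
    ("Upload", None, None, b"Upload"),
])


def evaluate(body):
    """Return (weak_result, hardened_result) for the file part of a request."""
    file_part = next(p for p in parse_multipart(body, BOUNDARY) if p["filename"] is not None)
    return weak_check(file_part), hardened_check(file_part)


if __name__ == "__main__":
    print("shell.php declared image/png:", evaluate(FORGED_UPLOAD))  # (True, False)
    print("genuine photo.png:", evaluate(LEGIT_UPLOAD))              # (True, True)
```

The forged request passes the weak check because the only thing it inspects is a header the attacker wrote; the hardened check rejects it because neither the .php extension nor the leading bytes match an image. In the lab, the same header edit is made in the intercepting proxy before the request reaches DVWA.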
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is intentionally vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to aid teachers and students in teaching and learning web application security in a classroom environment.
Why are File Upload vulnerabilities important?
Many applications allow users to upload files. However, in many cases the upload functionality also lets users upload files that the server will execute, or place them where they can later be executed. The consequences of a successful File Upload attack can be devastating, because it can allow an attacker to execute arbitrary code on the system and gain access to sensitive information.
What will you learn?
- Common vulnerabilities affecting File Upload functionality.
- How to test for and identify such vulnerabilities.
- How to exploit a File Upload vulnerability to gain Remote Code Execution (RCE) on the system hosting the affected application.
- This scenario contains one virtual machine.
- VPN Connection Required: Optional
- This lab can be completed by either connecting to the CR VPN or by simply utilizing the Web Proxy feature.
- The examples demonstrated throughout this scenario are based on Linux.
In order to benefit from this scenario it is recommended you have competence in the following areas:
1. Basic understanding of the HTTP protocol
2. How web applications work behind the scenes
3. How to use an HTTP Intercepting Proxy
4. Basic Linux command line knowledge
About the Author
Marios holds a BSc Computer Science degree from Northumbria University and an MSc degree in Cyber Security from the University of York. He is one of the OWASP Cyprus Chapter Leaders and he is passionate about web application security. He likes to spend his free time mastering his backgammon skills.
- Time: 60 minutes
- Cost: 10 crystals