File Upload Attacks Medium
Arbitrary file uploads are among the most critical web vulnerabilities. These flaws enable attackers to upload malicious files, execute arbitrary commands on the back-end server, and even take control over the entire server and all web applications hosted on it, potentially gaining access to sensitive data or causing a service disruption.
Created by 21y4d
Many modern web applications have file upload capabilities, which are usually necessary for the web application's functionality to enable features like attaching files or changing a user's profile image. If the file upload functionality is not securely coded, it may be abused to upload arbitrary files to the back-end server, eventually leading to compromise of the back-end server.
When an attacker can upload arbitrary files to the back-end server, they can upload malicious files, like web shells, which would enable them to execute arbitrary commands on the back-end server. This eventually allows attackers to take control over the entire server and all web applications hosted on it, which makes File Upload Attacks among the most critical web vulnerabilities.
This module will discuss the basics of identifying and exploiting file upload vulnerabilities and identifying and mitigating basic security restrictions in place to reach arbitrary file uploads.
In addition to the above, the File Upload Attacks module will teach you the following:
- What are file upload vulnerabilities?
- Examples of code vulnerable to file upload vulnerabilities
- Different types of file upload validations
- Detecting and exploiting basic file upload vulnerabilities
- Bypassing client-side file upload validation
- Bypassing blacklisted and whitelisted extension validation
- Bypassing type and content validation
- Bypassing other basic security restrictions
- Attacking upload forms with limited allowed file types
- Preventing file upload vulnerabilities through secure validation techniques
This module is broken into sections with accompanying hands-on exercises to practice each of the tactics and techniques we cover. The module ends with a practical hands-on skills assessment to gauge your understanding of the various topic areas.
You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.
As you work through the module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many of these examples as possible to reinforce further the concepts presented in each section. You can do this in the PwnBox provided in the interactive sections or your virtual machine.
The module is classified as "Medium" and assumes a working knowledge of the Linux command line and an understanding of information security fundamentals. The module also assumes a basic understanding of web applications and web requests. It will build on this understanding to teach how Arbitrary File Upload vulnerabilities work and how to exploit them.
In addition to the above, a firm grasp of the following modules can be considered as prerequisites for the successful completion of this module:
- Linux Fundamentals
- Web Requests
- Introduction to Web Applications
- Using Web Proxies
- Web Attacks
Sections:
- Intro to File Upload Attacks
- Absent Validation
- Upload Exploitation
- Client-Side Validation
- Blacklist Filters
- Whitelist Filters
- Type Filters
- Limited File Uploads
- Other Upload Attacks
- Preventing File Upload Vulnerabilities
- Skills Assessment - File Upload Attacks
This module progresses you towards the following Paths
Medium 224 Sections
Cubes Required: 1410
The Bug Bounty Hunter Job Role Path is for individuals who want to enter the world of Bug Bounty Hunting with little to no prior experience. This path covers core web application security assessment and bug bounty hunting concepts and provides a deep understanding of the attack tactics used during bug bounty hunting. Armed with the necessary theoretical background, multiple practical exercises, and a proven bug bounty hunting methodology, students will go through all bug bounty hunting stages, from reconnaissance and bug identification to exploitation, documentation, and communication to vendors/programs. Upon completing this job role path, you will have become proficient in the most common bug bounty hunting and attack techniques against web applications and be in the position of professionally reporting bugs to a vendor.
Fundamental 9 Sections
Web applications provide a large potential attack surface and need to be secured properly. A firm grasp of the basics of how applications communicate is critical for anyone interested in learning how to assess and attack web applications.
Introduction to Web Applications
Fundamental 17 Sections
In the Introduction to Web Applications module, you will learn all of the basics of how web applications work and begin to look at them from an information security perspective.
Using Web Proxies
Easy 15 Sections
Web application penetration testing frameworks are an essential part of any web penetration test. This module will teach you two of the best frameworks: Burp Suite and OWASP ZAP.
Information Gathering - Web Edition
Easy 10 Sections
This module covers techniques for identifying and analyzing an organization's web application-based attack surface and tech stack. Information gathering is an essential part of any web application penetration test, and it can be performed either passively or actively.
Attacking Web Applications with Ffuf
Easy 13 Sections
Easy 11 Sections
Easy 10 Sections
Medium 17 Sections
Databases are an important part of web application infrastructure, and SQL (Structured Query Language) is used to store, retrieve, and manipulate information stored in them. SQL injection is a code injection technique used to take advantage of coding vulnerabilities and inject SQL queries via an application to bypass authentication, retrieve data from the back-end database, or achieve code execution on the underlying server.
SQLMap Essentials
Easy 11 Sections
The SQLMap Essentials module will teach you the basics of using SQLMap to discover various types of SQL Injection vulnerabilities, all the way to the advanced enumeration of databases to retrieve all data of interest.
Command Injections
Medium 12 Sections
Command injection vulnerabilities can be leveraged to compromise a hosting server and its entire network. This module will teach you how to identify and exploit command injection vulnerabilities and how to use various filter bypassing techniques to avoid security mitigations.
File Upload Attacks
Medium 11 Sections
Arbitrary file uploads are among the most critical web vulnerabilities. These flaws enable attackers to upload malicious files, execute arbitrary commands on the back-end server, and even take control over the entire server and all web applications hosted on it, potentially gaining access to sensitive data or causing a service disruption.
Server-side Attacks
Medium 19 Sections
A backend that handles user-supplied input insecurely can lead to sensitive information disclosure and remote code execution. This module covers how to identify and exploit server-side bugs. This module introduces Server-Side Request Forgery (SSRF), Server-Side Template Injection (SSTI), and Server-Side Includes (SSI) injection attacks, alongside other server-side vulnerabilities.
Login Brute Forcing
Easy 11 Sections
Learn how to brute force logins for various types of services and create custom wordlists based on your target.
Broken Authentication
Medium 14 Sections
Authentication is probably the simplest and most widespread measure used to secure access to resources, and it's the first line of defense against unauthorized access. Broken authentication is currently rated #2 on the OWASP Top 10 Web Application Security Risks. A vulnerability or misconfiguration at the authentication stage can have a devastating impact on an application's overall security.
Web Attacks
Medium 18 Sections
This module covers three common web vulnerabilities, HTTP Verb Tampering, IDOR, and XXE, each of which can have a significant impact on a company's systems. We will cover how to identify, exploit, and prevent each of them through various methods.
File Inclusion / Directory Traversal
Medium 7 Sections
File Inclusion is a common web application vulnerability, which can be easily overlooked as part of a web application's functionality.
Session Security
Medium 1 Sections
Maintaining and keeping track of a user's session is an integral part of web applications. It is also a part that needs extensive testing in order to be both robust and secure. This module covers the most common attacks against web application sessions, such as Cross-site Request Forgery and Session Hijacking.
Web Service Implementations & Attacks
Medium 1 Sections
Web services are frequently exposed in order to provide certain functionalities in a programmatic way between heterogeneous devices and software components. They either facilitate the integration between applications or the separation within a given application. This module covers how to identify the functionality a web service offers and also how to exploit any security-related inefficiencies.
Hacking WordPress
Easy 16 Sections
WordPress is an open-source Content Management System (CMS) that can be used for multiple purposes.
Bug Bounty Hunting Methodology
Easy 1 Sections
Bug Bounty programs encourage security researchers to identify bugs and submit vulnerability reports. Getting into the world of Bug Bounty Hunting without any prior experience can be a daunting task though. This module covers a proven methodology that will help you start Bug Bounty Hunting in a methodical and well-structured way. It's all about effectiveness and professionally communicating your findings.