1. Introduction to file upload vulnerability

File upload vulnerability

If the server-side script does not strictly verify and filter uploaded files, a malicious user can upload a malicious script file. Once that file is executed by the server, the attacker can take control of the entire website or even the server itself. This is the file upload vulnerability.

Permissions obtainable

1. Backend (admin) permissions: after logging in to the admin backend, the attacker can perform some operations and change configuration
2. Website permissions: with a webshell, the attacker can view the source code and perform other operations within the web application
3. Server permissions: the attacker can perform arbitrary operations on the server

Vulnerability classification

1. Improper configuration allows a shell to be uploaded directly, for example when the HTTP PUT method is enabled
2. A file parsing vulnerability causes the uploaded file to be executed, for example a parsing vulnerability in the web container
3. The client-side (local) upload restriction is bypassed, for example by capturing and modifying the request with BurpSuite
4. Server-side filtering is not strict or can be bypassed, for example when blacklist (denylist) filtering is used
5. File path truncation during upload, such as null-byte (00) truncation
6. Upload vulnerabilities in open-source editors, such as CKEditor (the new version of FCKeditor) and eWebEditor

Conditions for exploitation

1. First, the uploaded file must be interpreted and executed by the web container, so the directory the file is uploaded to must be a path served by the web container
2. Second, the user must be able to reach the uploaded file from the web
3. Finally, if the content of the uploaded file is changed by functions such as security checking, formatting, or image compression, the attack may fail

Vulnerability discovery

1. Find the upload points, such as uploads of pictures, attachments, avatars, etc.
2. Look for directories named like "upload" and files named like "upload.php"
3. Look for editor directories, such as eWebEditor, FCKeditor, KindEditor, etc.

Common executable file suffixes

Suffixes that a web container may execute, and which are commonly used to bypass extension filters:
php php2 php3 php5 phtml
asp asa aspx ascx ashx cer
jsp jspx
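The points above (denylist filtering that misses alternate suffixes, null-byte truncation of the file name, and the condition that the file must land in a directory the web container executes) can be made concrete with a small validator. The following Python code is an added example written for this page, not code from the original article: it puts the weak denylist check the page warns about next to an allowlist check that rejects control characters, directory components, executable suffixes anywhere in the name, and content whose magic bytes do not match the claimed image type. The allowed-type policy, the constructed file names and the constructed file headers are all assumptions made for the example; the executable-suffix list is the one given above.

```python
import os
import secrets
from typing import Optional

# Suffixes listed above as executable by common web containers.
EXECUTABLE_SUFFIXES = {
    "php", "php2", "php3", "php5", "phtml",
    "asp", "asa", "aspx", "ascx", "ashx", "cer",
    "jsp", "jspx",
}

# Hypothetical upload policy for an avatar feature: extension -> leading magic bytes.
ALLOWED_TYPES = {
    "jpg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}


def denylist_check(filename: str) -> bool:
    """The weak 'blacklist' check the page warns about.

    Returns True when the upload is accepted. It blocks only the literal
    '.php' suffix, so alternate suffixes, double extensions and null-byte
    tricks all pass.
    """
    return not filename.lower().endswith(".php")


def allowlist_check(filename: str, content: bytes) -> Optional[str]:
    """Hardened check. Returns the normalised extension to store under, or None.

    Rejects control characters (covers null-byte '00 truncation'), strips any
    directory part, requires a single allowed extension, refuses an executable
    suffix anywhere in the name (double extensions such as x.php.jpg), and
    confirms the content starts with the magic bytes of the claimed type.
    """
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in filename):
        return None
    base = os.path.basename(filename.replace("\\", "/"))
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return None
    ext = parts[-1]
    if ext not in ALLOWED_TYPES:
        return None
    if any(p in EXECUTABLE_SUFFIXES for p in parts[:-1]):
        return None
    if not content.startswith(ALLOWED_TYPES[ext]):
        return None
    return ext


def storage_name(ext: str) -> str:
    """Server-chosen random name; the user-supplied name is never reused.

    The file should then be written to a directory outside the web container's
    document root and served through a handler, so condition 1 above (file in a
    path the container executes) never holds.
    """
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed sample uploads (file name, leading bytes of the content).
JPEG_HEAD = b"\xff\xd8\xff\xe0" + b"\x00" * 12
PNG_HEAD = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
NOT_IMAGE = b"plain text, not an image"
SAMPLES = [
    ("photo.JPG", JPEG_HEAD),          # legitimate upload, upper-case extension
    ("script.php", NOT_IMAGE),         # the only case the denylist catches
    ("script.php5", NOT_IMAGE),        # alternate suffix the denylist misses
    ("script.php\x00.jpg", NOT_IMAGE), # null-byte truncation attempt
    ("script.php.jpg", JPEG_HEAD),     # double extension with a valid header
    ("../../web/a.png", PNG_HEAD),     # directory component in the name
    ("fake.png", NOT_IMAGE),           # extension allowed, content is not PNG
]


def run_samples() -> dict:
    """Map each sample name to (denylist accepted?, allowlist result)."""
    return {name: (denylist_check(name), allowlist_check(name, data))
            for name, data in SAMPLES}


if __name__ == "__main__":
    for name, (weak, strong) in run_samples().items():
        print(f"{name!r:26} denylist={weak!s:5} allowlist={strong}")
```

Run as a script to see that the denylist accepts every sample except the literal `.php` name, while the allowlist accepts only the two well-formed images and returns the extension under which a random storage name is generated.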
