Attackers exploit flaws in the application's file verification and handling logic to upload malicious code to the server and gain the ability to execute server-side commands.
Common attack methods are:
- Upload web script code, which the web container then interprets and executes as a malicious script;
- Upload a Flash cross-domain policy file (crossdomain.xml) to change the site's cross-domain access rights (other policy files are abused in the same way);
- Upload virus or Trojan files to trick users and administrators into downloading and executing them;
- Upload an image containing a script that older versions of some browsers will execute, for phishing and fraud.
In general, an exploitable uploaded file is either executable (malicious code) or able to affect server behaviour (a configuration file).
Prevention methods
- Set the file upload directory to non-executable.
- Determine the file type and enforce a whitelist.
- For image uploads, run the image through a compression or resize function while processing it; re-encoding destroys any HTML or script code that may be embedded in the image.
- Rewrite the filename and file path with random values:
  - the attacker can no longer locate, and therefore access, the file after uploading it;
  - files such as web shells, .php, .rar and crossdomain.xml become harmless because they are renamed.
- Serve uploaded files from a separate domain name:
  - because of the browser's same-origin policy, a whole class of client-side attacks fails, such as uploading crossdomain.xml or uploading XSS payloads containing JavaScript.
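The whitelist, content check and random renaming described above, as an added example that is not part of the original text; the allowed types, the magic bytes and the upload directory are assumptions for illustration.

```python
import os
import secrets
from typing import Optional

# Whitelist (assumed for this example): extension -> magic bytes the file
# content must start with. .php, .html, crossdomain.xml and everything else
# are rejected by omission rather than by a blacklist.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",  # covers both GIF87a and GIF89a
}

# Assumed storage directory; it must be served with script execution disabled.
UPLOAD_DIR = "/var/www/uploads"


def validate_upload(original_name: str, data: bytes) -> Optional[str]:
    """Return a random storage filename for an acceptable upload, else None.

    The client-supplied name is only used to read the extension; it never
    reaches the disk, so names such as shell.php or crossdomain.xml cannot
    be planted even if the caller trusts the name elsewhere.
    """
    # Drop any path component the client sent (../ or C:\ tricks).
    base = os.path.basename(original_name.replace("\\", "/"))
    _, dot, ext = base.rpartition(".")
    ext = ext.lower()
    if not dot or ext not in ALLOWED_TYPES:
        return None  # extension not whitelisted
    # Check the content, not just the name: declared type and leading bytes
    # must agree, so "shell.php.jpg" holding PHP source is rejected.
    if not data.startswith(ALLOWED_TYPES[ext]):
        return None
    # Random name with only the validated extension: not guessable, and not
    # something a server-side interpreter will execute.
    return f"{secrets.token_hex(16)}.{ext}"


def store_upload(data: bytes, stored_name: str, upload_dir: str = UPLOAD_DIR) -> str:
    """Write validated bytes under upload_dir with a non-executable mode."""
    path = os.path.join(upload_dir, stored_name)
    # O_EXCL: never overwrite an existing file; 0o644: readable, not executable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path
```

The magic-byte check only proves the prefix; the resize or re-encode step from the list above is still needed to strip script fragments hidden later in an otherwise valid image.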