Vulnerable Code and Mitigation

File Upload Vulnerabilities:

Websites that accept uploads MUST always check the type of every uploaded file. Otherwise malicious users can upload executables of various kinds to the web server.



  • $_FILES['file']['tmp_name'] − the uploaded file in the temporary directory on the web server.
  • $_FILES['file']['name'] − the actual name of the uploaded file.
  • $_FILES['file']['size'] − the size in bytes of the uploaded file.
  • $_FILES['file']['type'] − the MIME type of the uploaded file.
  • $_FILES['file']['error'] − the error code associated with this file upload.

Code Snippet:


<?php
// Define the target location where the picture being
// uploaded is going to be saved.
// NOTE: the client-supplied name is used as-is and nothing checks what
// kind of file this is; that is the weakness discussed below.
$target = "pictures/" . basename($_FILES['uploadedfile']['name']);

// Move the uploaded file to the new location.
if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target)) {
    echo "The picture has been successfully uploaded.";
} else {
    echo "There was an error uploading the picture, please try again.";
}


The problem with the above code is that there is no check on the type of file being uploaded. Assuming that pictures/ is inside the web document root, an attacker could upload a file with a .php extension, or any other backdoor, and then request it from the server.
Prevention:

<?php
$allowed = array('gif', 'png', 'jpg');
$filename = $_FILES['video_file']['name'];
// Compare the extension case-insensitively so "shell.PHP" is rejected too.
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
if (!in_array($ext, $allowed, true)) {
    echo 'error';
    exit; // stop here so the file is never moved into place
}

Content-Type
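An extension whitelist alone is a thin defence, so here is a hardened upload handler as an added example (not code from the original post). It assumes the form field is named uploadedfile and that an uploads/ directory exists one level above the web root; the allowed extensions and size limit are illustrative.

```php
<?php
// Added example: hardened replacement for the vulnerable handler above.
// Assumptions: form field 'uploadedfile'; ../uploads/ exists outside the web root.
const UPLOAD_DIR = __DIR__ . '/../uploads/';
const MAX_BYTES  = 2 * 1024 * 1024;   // 2 MiB, illustrative limit
// Whitelist: extension => MIME type the server itself must detect in the bytes.
const ALLOWED = ['gif' => 'image/gif', 'png' => 'image/png', 'jpg' => 'image/jpeg'];

function storeUploadedImage(array $file): string
{
    // Reject anything PHP's upload machinery already flagged.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, error code ' . ($file['error'] ?? 'n/a'));
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Only accept a file that really arrived via this HTTP request.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // Extension check is case-insensitive, so "shell.PHP" does not slip past.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('Extension not allowed');
    }
    // Do NOT trust $file['type'] (the client sends it). Sniff the content instead.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($detected !== ALLOWED[$ext]) {
        throw new RuntimeException("Content does not match .$ext (detected $detected)");
    }
    // Never reuse the client-supplied name: random name plus the vetted extension.
    $target = UPLOAD_DIR . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not move uploaded file');
    }
    return $target;
}

try {
    $saved = storeUploadedImage($_FILES['uploadedfile'] ?? []);
    echo 'The picture has been successfully uploaded.';
} catch (RuntimeException $e) {
    http_response_code(400);
    echo 'Upload rejected: ' . htmlspecialchars($e->getMessage());
}
```

Storing outside the document root means even a file that passes every check is never directly executable by the web server; serve it back through a script that sets the Content-Type explicitly.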

Reference:

https://blog.qualys.com/securitylabs/2015/10/22/unrestricted-file-upload-vulnerability

Author: Megala Shanmugam is a Researcher and Malware Analyst. Can be Contacted on LinkedIn
