LFGA Web

File upload - Learning section


OWASP definition

First, we have to know the definition, so let's read the description and the risk factors of the vulnerability in the OWASP guide: here.


HACKSPLAINING

Now let's do a cool exercise that we can find here. You'll get a different explanation so you can supplement your notes and do a practical exercise.

HACKSPLAINING is a cool site that has very cool examples and exercises, so make sure to give it a try.

It also has a book that you can find here, which we recommend.


Comprehensive Guide on Unrestricted File Upload.

To finish the learning section, we are going to read and try to understand this guide from Raj Chandel's Blog. It's a really good guide, and we are going to learn a lot from it.

For your information, this is a great blog where you can find a lot of articles and write-ups.

You can find the blog here.

Before you start.

The activity.

Here is the guide.

After the activity.

You now know:


That's all!

The vulnerability seems to be very easy to exploit, but there are still many alternatives.