File in the hole!

Recommendations

Info

� We don’t need bypass for file upload � Write access in Upload directory is needed � Webserver needs to be configured not FS � Not having execute permission does not help! � Write permission can be prohibited outside � What about Temp/Real Time files/folders? � Still bad if you can upload arbitrary files � It is good to have this to reduce the risk
� AV only blocks malwares/viruses � Web-shell can be obfuscated � AV vulnerabilities can be exploited: � e.g.: Sophos Vulnerabilities by Tavis Ormandy: ▪ 7 th Nov 2012: http://secunia.com/advisories/51156/ ▪ Just upload a file to execute your code ▪ In PHP, you just need to send your file to any PHP file!
Page 1 and 2: File Uploaders Vulnerabilities Hack
Page 3 and 4: � Introduction to Form-based File
Page 5 and 6: 1. Direct File system access and RC
Page 7 and 8: � The most common: � Form-based
Page 9 and 10: POST /samples/upload.aspx HTTP/1.1
Page 11 and 12: � Group A: � Admin level access
Page 13 and 14: � Restricted File Upload: � Val
Page 15 and 16: � Changing the functionality �
Page 17 and 18: � Included libraries are not alwa
Page 19 and 20: � NTFS ADS: � FolderName::$Inde
Page 21 and 22: � Usually File Uploaders have des
Page 23 and 24: � Accessible via web directly?
Page 25 and 26: � Similar to other Web Apps Vulns
Page 27 and 28: Internal External Content-Type (mim
Page 29: � .htaccess, web.config, and so o
Page 33 and 34: � Location in the request: � Fi
Page 35 and 36: � First Step: What is File Extens
Page 37 and 38: � The most common bypass method i
Page 39 and 40: � Overwriting sensitive files is
Page 41 and 42: � “file.php%00.jpg” � It ne
Page 43 and 44: � Detecting malicious code by usi
Page 45 and 46: � Harmless Text… � Gzip Compr
Page 47 and 48: � Directory Traversal to make it
Page 49 and 50: � File duplication issues � Del
Page 51: � Many developers use it as a bas
Page 54 and 55: � There is a logical flaw in CKFi
Page 56 and 57: File Managers include different mod
Page 58 and 59: Any Question?

File in the hole!

Create successful ePaper yourself

Delete template?

Save as template?