This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Unrestricted File Upload"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 
{{Template:Stub}}
 
{{Template:Stub}}
 
{{Template:Vulnerability}}
 
{{Template:Vulnerability}}
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
 
  
[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
+
__TOC__
  
 
[[ASDR Table of Contents]]
 
[[ASDR Table of Contents]]
__TOC__
+
 
 +
 
 +
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
 +
 
  
 
[[Category:FIXME|Stub article, needs review]]
 
[[Category:FIXME|Stub article, needs review]]
Line 101: Line 103:
 
__NOTOC__
 
__NOTOC__
  
 
+
[[Category:Vulnerability]]
 
[[Category:OWASP ASDR Project]]
 
[[Category:OWASP ASDR Project]]
 
[[Category:File System]]
 
[[Category:File System]]

Revision as of 14:17, 9 November 2008

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.


This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


ASDR Table of Contents


Last revision (mm/dd/yy): 11/9/2008


Description

Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step.

The consequences of unrestricted file upload can vary, including complete system takeover, an overloaded file system, forwarding attacks to backend systems, and simple defacement. It depends on what the application does with the uploaded file, including where it is stored.

There are really two different classes of problems here. The first is with the file metadata, like the path and filename. These are generally provided by the transport, such as HTTP multipart encoding. This data may trick the application into overwriting a critical file or storing the file in a bad location. You must validate the metadata extremely carefully before using it.

The other class of problem is with the file content. The range of problems here depends entirely on what the file is used for. See the examples below for some ideas about how files might be misused. To protect against this type of attack, you should analyze everything your application does with files and think carefully about what processing and interpreters are involved.


Risk Factors

  • Talk about the factors that make this vulnerability likely or unlikely to actually happen
  • Discuss the technical impact of a successful exploit of this vulnerability
  • Consider the likely [business impacts] of a successful attack


Examples

Attacks on application platform

  • Upload .jsp file into web tree - jsp code executed as web user
  • Upload .gif to be resized - image library flaw exploited
  • Upload huge files - file space denial of service
  • Upload file using malicious path or name - overwrite critical file
  • Upload file containing personal data - other users access it
  • Upload file containing "tags" - tags get executed as part of being "included" in a web page

Attacks on other systems

  • Upload .exe file into web tree - victims download trojaned executable
  • Upload virus infected file - victims' machines infected
  • Upload .html file containing script - victim experiences Cross-site Scripting (XSS)


Related Attacks


Related Vulnerabilities


Related Controls


Related Technical Impacts


References

TBD