3. Unrestricted File Upload:
Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed.
4. Risks:
• Complete system takeover
• Overloaded file system and database
• Client-side attacks
• Defacements
• Cryptomining
• Malware
8. Common flawed methods of securing upload forms and their bypass techniques
• No Validation
• Mime-type Validation
• Blacklisting File Extensions
• Double extensions
• Checking the image header
• Protecting upload folder with .htaccess
• Client-side validation
12. Prevention techniques:
• Do not place the .htaccess file in the same directory as the uploaded files.
• Store uploaded files in a directory outside the server root
• Prevent overwriting of existing files.
• Create a whitelist of allowed extensions/MIME types
• Generate a random filename
• Implement both client-side and server-side validation
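
The server-side measures from the list above, combined in one upload handler. This is an added example, not part of the original slides; the function name `store_upload`, the contents of the allowlist and the size limit are assumptions, and a temporary directory stands in for a directory outside the server root.

```python
import os
import secrets
import tempfile

# Allowlist: extension -> magic bytes the content must start with.
ALLOWED = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".gif": b"GIF8"}
MAX_BYTES = 2 * 1024 * 1024  # assumed limit; guards against filling the disk


def store_upload(client_name: str, data: bytes, upload_dir: str) -> str:
    """Validate server-side, store under a random name, return the path."""
    if len(data) > MAX_BYTES:
        raise ValueError("file too large")
    # Only the final extension counts: "a.png.php" is judged as .php.
    ext = os.path.splitext(client_name)[1].lower()
    magic = ALLOWED.get(ext)
    if magic is None:
        raise ValueError("extension not allowed")
    # Header check is one layer only; it is bypassable when used alone.
    if not data.startswith(magic):
        raise ValueError("content does not match extension")
    # Server-chosen random name: the client's name and path are discarded.
    path = os.path.join(upload_dir, secrets.token_hex(16) + ext)
    # O_EXCL refuses to overwrite an existing file; 0o600 sets no execute bit.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def demo() -> dict:
    """Run constructed sample uploads; map each name to the outcome."""
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed, not a real image
    samples = {"photo.png": png, "script.php": png, "a.png.php": png,
               "fake.png": b"not an image", "../../index.png": png}
    results = {}
    # The temporary directory stands in for a directory outside the web root.
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            try:
                stored = store_upload(name, data, d)
                results[name] = "stored" if os.path.dirname(stored) == d else "escaped"
            except ValueError as e:
                results[name] = str(e)
    return results


if __name__ == "__main__":
    print(demo())
```

Client-side validation can be layered on top for usability, but every check here runs on the server because the client name, extension and content are all under the uploader's control.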