In this article, we are going to learn about one more attack vectors in detail which are very important to learn in this world of lots of Web and Mobile Apps.
File Upload Vulnerability:
In almost every web application there is functionality for uploading file. This file maybe in form of text, video, image ,etc. However many web application dose not have proper security check during uploading files and this results in vulnerability called File Upload Vulnerability. This one simple vulnerability leads to server side side scripting, arbitrary code execution, cross site scripting, CSRF attacks.
Even though some application have proper check on uploading files but still these security checks has bypass method to exploit this vulnerability these bypass are as following –
1. Case sensitive extension bypass: Web/Mobile application developer may add a blacklist of certain extension which are harmful according to developer. But sometime developer forgot whether their extension security check is case sensitive or not and anyone can bypass security check by making extensions of file as combination of lowercase and uppercase character to bypass security checks. As a developer it is good practice to check extension verification always consider the case sensitivity of file extension. Example: .PDf, .XmL, .Sh, php.
2. Image content Verification bypass: As a security concern developer always check the content of image to match with one of the valid file type. In PHP there are may functions to validate file one of the function is get getimagesize() this function basically read the file and return size in case of invalid file returns error message. There are techniques which can bypass this protection. Consider following code which upload a file.
Attacker can bypass the such checks by embedding PHP code inside the comment section of JPG file and after that upload file with .php extension this can easily bypass the checks mentioned in above code. There are more techniques also available for File verification bypass as a developer always take care of all these bypasses during implementing feature of file upload.
Pixel Flood Using Malicious Image File:
This is sub attack under the File Upload Vulnerability, this attack mainly exploit the method of image parsing. During performing this attack malicious user take a valid JPG or JPEG file with the original dimension then attacker change the dimension of image to very large scale like 1000000 ×1000000 by using some automated tool by uploading such large file image parser allocate very large memory to it and results into server crash or out of memory situation.
Malicious zTXT field of PNG files:
The PNG file format contain a section, called zTXT, that allows zlib compressed data to be added to a PNG file. The technique here is that a large amount of repeated data, such as a series of zeros, are created, weighting over 70MB and then are DEFLATE compressed through zlib, resulting in compressed data of a few KBs. This is then added to the zTXT section of any regular PNG file. Sending repeated requests of this kind causes similar memory exhaustion like we’ve seen in the previous two examples. This issue affected the Paperclip gem as well.
Malicious GIF file – frame flood:
This technique is similar to the previous technique, a malicious GIF is used to allocate a large amount of memory, eventually use the large amount of server memory. A GIF file contains a set of animations in the form of various image frames. Instead of flipping the pixels, we add a very large of amount of GIF frames, say 45,000-90,000. When parsing each frame, memory is allocated and eventually chokes up the server.
How To Avoid File Upload Vulnerability:
- Always check the extension of file with their case sensitivity.
- Filter the content of file before uploaded on server.
- Don’t give the executable permission to uploaded file.
- Always store the uploaded file in non public directory.