File Upload Vulnerabilities
Explore critical file upload security flaws that allow attackers to upload malicious files and execute code on servers. Learn to bypass extension filters, MIME type validation, and path traversal restrictions.
Introduction to File Upload Vulnerabilities
theoryLearn why unrestricted file uploads are dangerous and common attack patterns.
Introduction to File Upload Vulnerabilities
What are File Upload Vulnerabilities?
File Upload Vulnerabilities occur when an application accepts files from users without proper validation, allowing attackers to upload malicious files (web shells), bypass access controls, or overwrite sensitive files.
Common risks
- Remote code execution (uploading web shells)
- Content-based attacks (malicious scripts disguised as images)
- Path traversal (writing files outside allowed directories)
- Denial of Service (large or numerous uploads)
Typical vulnerable code
// Poor example: saving uploaded file with original filename without validation
filename = request.FILES['file'].name
open("/var/www/uploads/" + filename, "wb").write(request.FILES['file'].read())
Knowledge Check
Which of the following is the best practice to reduce file upload risk?
File Type & Content Validation
theoryUnderstand checks for MIME type, extension and magic bytes, and why each matters.
File Type & Content Validation
File Validation Techniques
- Extension checks: Useful but can be bypassed by renaming files.
- MIME type checks: Based on headers; can be spoofed.
- Magic byte inspection: Checking file signatures is stronger.
- Content scanning: Anti-virus / malware scanning as an additional layer.
Best practices
- Whitelist allowed file types and verify magic bytes
- Store uploads outside the web root and serve via authenticated proxy
- Rename files to server-generated tokens (avoid original filenames)
- Limit file size and enforce quotas
Knowledge Check
Why is checking only file extension insufficient?
Simulation: Upload a Web Shell (Safe Lab)
simulationSimulate uploading a malicious web shell file and demonstrating execution (lab safely simulates execution output).
Simulation Objective
Simulate uploading a malicious web shell file and demonstrating execution (lab safely simulates execution output).
Target
/upload
Scenario
Web shell upload
Simulation: Content-Type Bypass
simulationBypass naive MIME-type checks by uploading a malicious payload disguised as an image.
Simulation Objective
Bypass naive MIME-type checks by uploading a malicious payload disguised as an image.
Target
/upload
Scenario
Mimetype bypass
Simulation: Path Traversal via Filename
simulationExploit improper file path handling to write outside upload directory.
Simulation Objective
Exploit improper file path handling to write outside upload directory.
Target
/upload?path=
Scenario
Path traversal
Secure File Upload Practices
theoryLearn secure practices for file upload systems.
Secure File Upload Practices
Secure File Upload Best Practices
- Whitelist extensions + verify magic bytes
- Store uploads outside web root
- Generate server-side filenames
- Use auth-protected file serving
- Limit upload size
Knowledge Check
Which is NOT a recommended secure upload practice?
File Upload Challenge - Restricted Extensions
simulationServer blocks .php and .jsp — find a bypass.
Simulation Objective
Server blocks .php and .jsp — find a bypass.
Target
/upload
Scenario
Double extension