Web Security intermediate 50 mins

File Upload Vulnerabilities

Explore critical file upload security flaws that allow attackers to upload malicious files and execute code on servers. Learn to bypass extension filters, MIME type validation, and path traversal restrictions.

Hands-on Labs
Real-world Scenarios
Immediate Feedback
1

Introduction to File Upload Vulnerabilities

theory

Learn why unrestricted file uploads are dangerous and common attack patterns.

Introduction to File Upload Vulnerabilities

What are File Upload Vulnerabilities?

File Upload Vulnerabilities occur when an application accepts files from users without proper validation, allowing attackers to upload malicious files (web shells), bypass access controls, or overwrite sensitive files.

Common risks

  • Remote code execution (uploading web shells)
  • Content-based attacks (malicious scripts disguised as images)
  • Path traversal (writing files outside allowed directories)
  • Denial of Service (large or numerous uploads)

Typical vulnerable code


// Poor example: saving uploaded file with original filename without validation
filename = request.FILES['file'].name
open("/var/www/uploads/" + filename, "wb").write(request.FILES['file'].read())

Knowledge Check

Which of the following is the best practice to reduce file upload risk?