Harsh Bothra Profile picture
Apr 11 9 tweets 2 min read
#SecurityExplained S-101: CWE Top 25:
CWE-434: Unrestricted Upload of File with Dangerous Type

The software allows an attacker to upload or transfer harmful data that can be processed automatically within the product's environment.

1/
2/

This flaw could affect any software that allows users to upload files.

The arbitrary file upload weakness concerns improper or missing file type validation when uploading files.
3/

This flaw happens when an application fails to validate or verifies files incorrectly before uploading them to the system. This flaw is language independent. However, it is most common in ASP and PHP-based apps.
4/

If a user interprets and executes an uploaded file as code, arbitrary code execution is possible.
5/

This is especially true for files with the .asp and .php extensions uploaded to web servers because these file types are frequently viewed as executable by default, even if the file system permissions do not specify execution.
6/

In Unix systems, for example, programmes can't run until the execute bit is set. In contrast, PHP programmes can be run by the webserver without calling them directly on the operating system.
7/

# Potential Impact:
• An attacker might upload and run arbitrary code on the target machine, resulting in the execution of arbitrary HTML and script code or a system compromise.

# Mitigation:

• When possible, save uploaded files somewhere other than the webroot directory.
8/

• Instead of using the user-supplied filename, generate a new, unique filename for an uploaded file without external input.
• Define a small number of acceptable filename extensions and only generate filenames with these extensions.
9/

• When necessary, ensure that only files with allowed extensions can be directly accessed from the upload directory; for example, if a directory should only contain images, block access to any PHP/ASP files.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Harsh Bothra

Harsh Bothra Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @harshbothra_

Apr 11
12 Free Practice Labs to Master SQL Injection

🧵
1/

1. Audi SQLi Labs

github.com/Audi-1/sqli-la…
2/

2. Portswigger SQL Injection Lab

portswigger.net/web-security/s…
Read 15 tweets
Apr 10
#SecurityExplained S-100: CWE Top 25:
CWE-306: Missing Authentication for Critical Function

The software does not perform any authentication for functionality that requires a verified user identification or uses a considerable number of resources.

1/n
2/n

This vulnerability is frequently introduced during the architecture and design phase of the application development process.
3/n

A critical vulnerability in the online interface of McAfee Advanced Threat Defense is a real-world example of such a problem (CVE-2017-4052).
Read 11 tweets
Apr 9
#SecurityExplained S-99: CWE Top 25:
​​​​CWE-190: Integer Overflow or Wraparound

🧵
1/

When the logic thinks that the final value will always be more significant than the original value, the software runs a calculation that can result in an integer overflow or wraparound.
2/

When the calculation is utilized for resource management or execution control, this can introduce other flaws.
Read 12 tweets
Apr 1
14 Payload Repositories to find all the required Payloads & Attack Vectors.

🧵
1/

1. Payloads All The Things

github.com/swisskyrepo/Pa…
2/

2. Payload Box
github.com/payloadbox/
Read 16 tweets
Apr 1
#SecurityExplained S-91: CWE Top 25:
CWE-611: Improper Restriction of XML External Entity Reference

1/n
2/n

When an application executes an XML document that contains entities pointing to external URIs, CWE-611 vulnerabilities can occur.
3/n

These URIs resolve to assets outside the application's control, resulting in potentially dangerous execution of activities prescribed by the external assets.
Read 14 tweets
Mar 31
#SecurityExplained S-90: CWE Top 25: CWE-918: Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and obtains its contents, but it does not check that the request is routed to the correct destination.

1/n
2/n

Malicious parties can use CWE-918, also known as server-side request forgeries (SSRF), to trick a server into making requests to obtain access to internal infrastructure, sensitive data, and more.
3/n

The use of URLs helps identify the attack surface for SSRF. Although sanitization and allow lists are two more effective techniques available, they can be challenging to manage.
Read 14 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(