https://www.acunetix.com/websitesecurity/upload-forms-threat/
https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload
Some way to create vulnerability files like image with PHP code in comments, descriptions ...
ImageTragick!
https://help.shopify.com/en/manual/orders/fraud-analysis
Beating getimagesize()
The getimagesize() function will check if it is an image and will check “mime” to verify image type.
Insecure Configuration :
<FilesMatch ".+\.ph(p([3457s]|\-s)?|t|tml)"> SetHandler application/x-httpd-php </FileMatch>
Secure Configuration :
<FilesMatch ".+\.ph(p([3457s]|\-s)?|t|tml)$"> SetHandler application/x-httpd-php </FileMatch>
If the service is up an running with the Insecure Configuration, any one can beat the getimagesize function by writing comments in GIF file.
For that an end user need to install an utility in Kali/Ubuntu OS named ‘gifsicle’
For Kali Linux : apt-get install gifsicle For Ubuntu : sudo apt-get install gifsicle
Once installed, the below commands will help writing the commands in gif file.
gifsicle < mygif.gif -- comment "
<?php echo ‘Current PHP version: ‘ . phpversion(); ?>
” > output.php.gif
...
Wow, my excitement for Kali, Backtrack Linux surface back !
https://stackoverflow.com/questions/8063057/convert-this-string-to-datetime
$date = date_create_from_format('d/m/Y:H:i:s', $s);
$date->getTimestamp();
curl --location --request POST 'yoursite.local/api/uploadArrivalFile' \
--header 'username: api_user' \
--header 'password: api_pass#1234' \
--header 'Cookie: ci_session=9f12ea18b74bcb7a5c412492ffbc5809cb7d4ac8' \
--form 'file_upload=@"/C:/Users/kkk/Documents/stg-price-256-err.PNG"'
=> By using Postman, I can see what parameter have to pass in curl in order to send file.
=> It is form parameter.
'file_upload' => curl_file_create($filePath)
Comments
Post a Comment