File upload is a function commonly found in web apps: you will see it in social network apps, job-seeking apps and so on. It is also one of the areas developers tend to overlook. This article introduces the common bugs that can be found in file upload functions. So, let's begin:
File Upload IDOR
This is one of the most common vulnerabilities, and one of the most overlooked by developers. For example, suppose you are able to upload a file and the POST request looks like this:
POST /uploads/12345/file=profile.jpg
Suppose 12345 is your user id. Try the old-school IDOR check: change the user id to the victim's one (e.g. 23456) and see whether your jpg file ends up in the victim's account. Use a second test account you control as the "victim" so you are not modifying a real user's data.
This kind of bug is normally not classified as critical, because the most impact you can create is changing the victim's profile picture or uploading a ridiculous CV to the victim's account on a job-seeking site.
So, if you hit this case, try to escalate by changing POST to DELETE and see whether you can delete the victim's asset. If so, the severity of the bug goes up: the same missing ownership check that lets you write into another user's space usually lets you remove their files too.
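The check and the escalation above, as an added example that is not part of the original article: a small in-memory model of the upload endpoint with a handler that trusts the user id in the URL (the IDOR) next to a hardened one that binds the owner to the logged-in session, plus a probe that replays the POST-then-DELETE test against each. The endpoint shape, the user ids (12345 as the tester, 23456 as the victim account), the file names and the stored contents are constructed for illustration.

```python
# Added example, not the article's code. Models POST/DELETE
# /uploads/<user_id>/<filename> without a web framework so it runs offline.
from typing import Dict, Optional, Tuple

FileKey = Tuple[int, str]      # (owner user id, filename)
Store = Dict[FileKey, bytes]   # stands in for the upload storage backend

ATTACKER_ID = 12345            # constructed: the tester's own account
VICTIM_ID = 23456              # constructed: a second account (ideally one you control)


def make_store() -> Store:
    """Constructed starting state: both users already have a profile picture."""
    return {
        (ATTACKER_ID, "profile.jpg"): b"attacker-original",
        (VICTIM_ID, "profile.jpg"): b"victim-original",
    }


def _apply(store: Store, key: FileKey, method: str, body: Optional[bytes]) -> int:
    """Shared storage logic; returns an HTTP status code."""
    if method == "POST":
        store[key] = body or b""
        return 201
    if method == "DELETE":
        if key not in store:
            return 404
        del store[key]
        return 204
    return 405


def vulnerable_handler(store: Store, method: str, session_user: Optional[int],
                       path_user: int, filename: str,
                       body: Optional[bytes] = None) -> int:
    """Authenticates the caller but authorises nothing.

    The file owner is taken from the URL, so any logged-in user can write
    to, or delete from, any other user's upload space: the IDOR.
    """
    if session_user is None:
        return 401
    return _apply(store, (path_user, filename), method, body)


def hardened_handler(store: Store, method: str, session_user: Optional[int],
                     path_user: int, filename: str,
                     body: Optional[bytes] = None) -> int:
    """Same endpoint, but the owner is always the session user.

    The mismatch is rejected before any storage access and for every
    method, so the DELETE escalation is closed by the same check as POST.
    """
    if session_user is None:
        return 401
    if path_user != session_user:
        return 403   # return 404 instead if you also want to hide valid ids
    return _apply(store, (session_user, filename), method, body)


def probe_idor(handler) -> Dict[str, bool]:
    """Replays the article's test: logged in as the tester, POST to the
    victim's path, then DELETE it, and report what happened to the victim's file."""
    store = make_store()
    victim_key = (VICTIM_ID, "profile.jpg")
    handler(store, "POST", ATTACKER_ID, VICTIM_ID, "profile.jpg", b"attacker-upload")
    overwritten = store.get(victim_key) == b"attacker-upload"
    handler(store, "DELETE", ATTACKER_ID, VICTIM_ID, "profile.jpg")
    deleted = victim_key not in store
    return {"post_idor": overwritten, "delete_idor": deleted}


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_handler),
                          ("hardened", hardened_handler)):
        print(name, probe_idor(handler))
```

The probe reports both findings separately because that is how you would rate them: an overwrite alone is the low-severity case the text describes, while a successful DELETE against another user's asset is the escalation. The fix is deliberately one line in one place: derive the owner from the session and refuse any path that names someone else, rather than sprinkling per-method checks.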
Filename XSS
Apart from firing an XSS payload into a search box, have you ever tried injecting…