Bypassing image file upload restrictions. | General Hacking | Crax

Dex90 (Member, joined May 6, 2023):

This feature was designed to allow users to upload images only.

To assess the security of the file upload functionality, I began by examining its implementation. I found that the application used both client and server side validation to limit the types of files that could be uploaded to image formats only. I tried multiple techniques to bypass the file upload restrictions, including modifying file names, altering MIME types, and adjusting content-type headers. However, none of these methods were successful in allowing us to upload non-image files.

Next, I also wanted to test the application’s ability to detect and handle potentially malicious files. I attempted to upload the file, a test file used to verify antivirus software’s effectiveness. However, the application did not accept the .com file format, preventing us from uploading the file.

With some additional research, I came up with the idea of modifying the file’s hex value header to include “FF D8 FF E0”, the header signature for JPEG images. This change was intended to deceive the application into thinking that the file was an image file. Using hexeditor (default in Kali), I was able to do just that.

  1. Downloaded the .com file.
  2. Opened the file using Hex Editor.
  3. Added 4 bytes of space at the beginning of the file.
  4. Populated the new byte spaces with the hex values “FF D8 FF E0” to mimic a JPEG header.

Afraid that this may invalidate the e***r signature, I uploaded the new file onto VirusTotal to see if it would still be detected as “malicious” by security vendors, and it was, which makes this still a valid test case.

[Attachment: Pasted image 1]
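As an added defensive illustration (not part of Dex90's post): a server-side check that only compares the first four bytes accepts a file built exactly as in steps 1-4 above, while a check that walks the JPEG segment structure rejects it, because the bytes after FF D8 FF E0 are not a valid length-prefixed segment. All sample bytes are constructed; the "disguised" payload is a placeholder, not the test file from the post.

```python
import struct

# JPEG markers used by the structural check
SOI, EOI, SOS = 0xFFD8, 0xFFD9, 0xFFDA
# Markers that carry no length field (SOI, EOI, RSTn, TEM)
STANDALONE = {SOI, EOI, 0xFF01, *range(0xFFD0, 0xFFD8)}


def naive_magic_check(data: bytes) -> bool:
    """The check the post's trick defeats: accept anything that starts with FF D8 FF E0."""
    return data[:4] == b"\xff\xd8\xff\xe0"


def strict_jpeg_check(data: bytes) -> bool:
    """Require SOI, well-formed length-prefixed segments up to SOS, and a trailing EOI.
    A real decoder would go further; this is enough to reject prepended magic bytes."""
    if len(data) < 4 or data[:2] != b"\xff\xd8" or data[-2:] != b"\xff\xd9":
        return False
    pos = 2
    while pos + 4 <= len(data):
        marker = struct.unpack(">H", data[pos:pos + 2])[0]
        if (marker >> 8) != 0xFF or (marker & 0xFF) in (0x00, 0xFF):
            return False  # not a marker where a marker must be
        if marker == SOS:
            return True  # entropy-coded scan data follows; EOI verified above
        if marker == EOI:
            return False  # EOI before any scan data: no usable image
        if marker in STANDALONE:
            pos += 2
            continue
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if length < 2 or pos + 2 + length > len(data):
            return False  # segment claims more bytes than the file holds
        pos += 2 + length
    return False


# Constructed minimal JPEG-like file: SOI, APP0/JFIF segment, SOS header, scan bytes, EOI
REAL_LIKE_JPEG = (
    b"\xff\xd8"
    + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    + b"\x00\x11\x22"
    + b"\xff\xd9"
)

# Constructed stand-in for the post's .com file with FF D8 FF E0 prepended (steps 3 and 4)
DISGUISED_FILE = b"\xff\xd8\xff\xe0" + b"constructed non-image payload, placeholder only"
```

Appending FF D9 to the disguised file still fails the structural check, since the APP0 length field is read from the payload bytes and points past the end of the file.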
 
