
What Are The Flaws, One Must Care In File Upload

I have a Linux server, and I have an image upload on my website. The users who register can upload their images; when a user logs in to his profile he can see his image, also he can

Solution 1:

You probably have a very badly written file upload handler, something that blindly trusts what the user provides and puts the files with the original user-provided filename into a publicly accessible directory within your webroot. In short, your file upload script was the equivalent of a big flashing neon sign blinking "HACK ME!".

e.g., something like this:

<?php
// Deliberately insecure upload handler, shown as the "what not to do" example.
// The client-supplied MIME type is trusted and the client-supplied filename is
// written straight into the document root.
if ($_FILES['file']['type'] == 'image/gif') {
    move_uploaded_file($_FILES['file']['tmp_name'], '/some/path/in/your/docroot/' . $_FILES['file']['name']);
}

Things that are wrong here:

  1. No checking for errors - file uploads can fail for any number of reasons, and not checking for errors is a very bad thing.
  2. The ['type'] field is user-provided data - a malicious user can forge that MIME type with ease. They can quite easily upload 'somescript.php' but tag it as an image.
  3. Blindly using the ['name'] parameter as part of the path you're storing the file in. Again, that is under the control of the user. One malicious user and your server flushes itself down the toilet.
  4. Storing the file in the docroot. So now you're allowing ANY file of ANY type with ANY name to be uploaded. If it's a script, and the location of the file is reachable by URL, you're now allowing remote users to execute ANY code they want on your server.

In short, when dealing with file uploads, you treat the file as a ready-to-explode nuclear bomb that's 0.001 seconds away from detonation. You do not store it with the original file name. You do not store it anywhere the user can get at it. You do not store it with a predictable filename. You do server-side validation on the file. You lift up the file's skirts and look under the hood to make sure it's what it's supposed to be... and even then you still assume it's lying.
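The hardened counterpart to the handler above, as an added example that is not part of the original answer. It applies the four points listed (error checking, server-side content sniffing instead of trusting ['type'], a random filename instead of ['name'], storage outside the webroot); the directory path and size limit are assumed placeholders.

```php
<?php
// Added example: hardened image upload handler (not from the original answer).
declare(strict_types=1);

const UPLOAD_DIR = '/var/www/private_uploads';   // assumed: outside the docroot, not URL-reachable
const MAX_BYTES  = 2 * 1024 * 1024;              // assumed limit: 2 MiB
const ALLOWED    = ['image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png'];

function store_uploaded_image(array $file): string
{
    // 1. Check for upload errors before touching anything.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed, error code ' . ($file['error'] ?? 'unknown'));
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not a file uploaded via HTTP POST');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // 2. Ignore the client-supplied ['type']; sniff the real content server-side.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('unsupported content type: ' . $mime);
    }
    // The image parser must also agree that this is a real image of that type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || image_type_to_mime_type($info[2]) !== $mime) {
        throw new RuntimeException('file content is not a valid image');
    }
    // 3. Never use ['name']: generate an unpredictable server-side filename,
    //    with the extension chosen from the sniffed type, not from the client.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    // 4. Store outside the webroot; serve it later through a script, not a direct URL.
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move uploaded file');
    }
    chmod($dest, 0640); // not executable, not world-readable
    return $name;       // store this name in the user's profile record, not the original
}

// Usage from the upload form handler:
// $stored = store_uploaded_image($_FILES['file']);
```

Because the file lives outside the docroot, the profile page serves it through a small script that looks up the stored name for the logged-in user and emits it with a fixed image Content-Type, so nothing under UPLOAD_DIR is ever interpreted by the web server.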
