Validate file type: Ensure that the uploaded file matches the expected file type and size limit. This can be done by checking the file extension or using a file type validation library.
Sanitize file names: Ensure that the file names are sanitized to prevent directory traversal attacks. This involves removing any special characters, whitespace, and other potentially harmful characters.
Store files outside the webroot: Store uploaded files outside of the web application's root directory to prevent them from being executed as scripts..
Implement access controls: Implement access controls to ensure that only authorized users can upload files. This can include requiring authentication, setting permissions, and limiting upload privileges.
Bug: Authenticated - Unrestricted file upload
Description
The
AssetsController::uploadsaveAction
function allows an authenticated attacker to upload any file without extension filtering.Vulnerability Detail
The
uploadsaveAction
function allows an attacker to take full control of the extension and save it toASSETS_IMAGES_TEMP_PATH
Proof of concept
REQUEST:
RESPONSE:
Solution
Acknowledgement
nhienit at bl4ckh0l3 from Galaxy One