Understanding File Upload Vulnerabilities in Web App Penetration Testing | 2023
Unraveling the Intricacies of File Upload Vulnerabilities in Bug Bounty Hunting | Karthikeyan Nagaraj
6 min readSep 20, 2023
What are file upload vulnerabilities?
- File upload vulnerabilities are when a web server allows users to upload files to its filesystem without sufficiently validating things like their name, type, contents, or size.
- Failing to properly enforce restrictions on these could mean that even a basic image upload function can be used to upload arbitrary and potentially dangerous files instead. This could even include server-side script files that enable remote code execution.
What is the impact of file upload vulnerabilities?
The impact of file upload vulnerabilities generally depends on two key factors:
- Which aspect of the file the website fails to validate properly, whether that be its size, type, contents, and so on.
- What restrictions are imposed on the file once it has been successfully uploaded.
In the worst case scenario, the file’s type isn’t validated properly, and the server configuration allows certain types…