File-in-the-h-le!课件.pptxVIP

File Uploaders VulnerabilitiesFile in the h le!HackPraNovember 2012Soroush DaliliSecP精品文档About Me – Soroush Dalili精品文档Web Application Security Researcher since 2006Finding vulnerabilities in my spare time:IIS Semi-Colon Problem, IIS ShortFile Scanner, ...My blog: /blog//blog/Twitter: @IRSDLEmail: IRSDL at Yahoo dot comTopic: Security of File Uploaders精品文档Introduction to Form-based File UploadFile Upload VulnerabilitiesProtections and Bypass MethodsBonus zero days in examples!Reported File Upload VulnerabilitiesBased on: /http:/// , Keyword: File UploadMore info: http://goo.gl/NmxpMhttp://http://goo.gl/NmxpMgoo.gl/NmxpM 精品文档What can hackers do?精品文档Direct File system access and RCEPlacing backdoors or making it more vulnerableExploiting Local File Inclusion issuesExploiting server side librariesExploiting server side monitoring toolsUploading phishing pagesHosting dangerous and/or malicious filesHosting illegal contentsDenial of Service by consuming the resourcesDenial of Service by manipulating the filesDamaging website reputation…Web Based File Upload精品文档Easy way to put the files on the serverIncrease business efficiency Uses a simple web browserSharing photos, videos, files, and so onBeing used in most of the modern websites: Social Networks, Mail Systems, Shops, Content Management Systems, Forums, …Client Side File Upload MethodsThe most common: Form-based File Upload in HTML (RFC 1867)Post MethodContent-Type (enctype) = multipart/form-dataOthers:PUT HTTP MethodActiveXJava Applets…精品文档File Upload – Simple Form form method=post enctype=multipart/form-data action=upload.aspxFile Name: input type=file name=myfile / input type=submit value=Upload //form 精品文档Simple Form - Client Sends…POST /samples/upload.aspx HTTP/1.1Host: Content-Type: multipart/form-data; boundary=AB12Content-Length: 1337--AB12Content-Disposition: form-data; name=myfile; filename=test.txtContent-Type: text/plainFile Contents ...--AB12--RFC 1867精品文档File Uploaders Vulnerabilities精品文档Specific Issue