Jump to content

[SOLVED] Test my Upload...

Guest Xanza

By Guest Xanza
in Beta Test Your Stuff!

 Share

Recommended Posts

darkfreaks Advanced Member

darkfreaks

Posted
Posted

Vulnerability description

By this form input is possible to upload a file to the server.

This vulnerability affects /upload/index.php.

The impact of this vulnerability

User may upload malicious files to server.

 

How to fix this vulnerability

Check if the script inputs are properly validated.

 

Vulnerability description

HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.

This vulnerability affects Web Server.

The impact of this vulnerability

Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.

How to fix

 

use .htacess to rewrite the method

 

 

Guest Xanza

Guest Xanza

Posted
Posted
do you check for extensions make sure extensions like .php exe and .js are not allowed Huh

 

Yes I do. :)

 

<?php
/**
* @author Xanza
* @copyright 2007
*/

$upload_name = "Image Uploader v1"; //title
$upload_dir = "uploads/"; //upload save directory
$size_bytes = "5243000"; //max upload
$type = array(".gif",".jpg",".jpeg",".png",".psd");  //mimetypes...

?>

Guest Xanza

Guest Xanza

Posted
Posted 

<?php
if(isset($_POST['upload_form'])) {
    echo "<h3>$upload_name</h3>";
    $new_file = $_FILES['file'];
    $file_name = $new_file['name'];
    $file_name = str_replace(' ', '_', $file_name);
    $file_tmp = $new_file['tmp_name'];
    $file_size = $new_file['size'];
    if(!is_uploaded_file($file_tmp)) {
        echo "File: None selected.<br>";
    } else {
        $ext = strrchr($file_name, '.');
        if(!in_array(strtolower($ext), $type)) {
            echo "File: ($file_name) Wrong File Extension. <br>";
        } else {
            if($file_size > $size_bytes) {
                echo "File: ($file_name) Failed to Upload. File Must be $size_bytes or less. <br>";
            } else {
                if(file_exists($upload_dir . $file_name)) {
                    echo "File: <a href='$upload_dir$file_name'>$file_name</a> has already been uploaded!<br>";
                } else {
                    if(move_uploaded_file($file_tmp, $upload_dir . $file_name)) {
                        echo "File: " . $file_array['name'] . " Uploaded.<br>";
                        echo "<h0> <a href=$upload_dir$file_name>Click here for your file.</a></h0><br>";
                    } else {
                        echo "File $i: ($file_name) Failed to Upload.<br>";
                    }
                }
            }
        }
    }
    echo "<br><h0> <a href='./index.php'>Upload Another</a></h0>";
}

?>

 

Yup. I do. :D

 

*I added <?php and ?> so you could have syntax highlighting. :)

darkfreaks Advanced Member

darkfreaks

Posted
Posted

 

Vulnerability description

This script is possibly vulnerable to SQL/XPath Injection attacks.

 

SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters.

 

This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable.

 

XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input.

This vulnerability affects /upload/index.php.

The impact of this vulnerability

An unauthenticated attacker may execute arbitrary SQL/XPath statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information.

Attack details

The POST variable file is vulnerable.

 

 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.