White Hat Institute

Unrestricted file upload (high-security level)

A similar attack method as in medium-security level can bypass the high-security level restriction on web applications.

File upload

Instead of changing the filename from “image_file.php” to “image_file.php.”, change it to “image_file.php.jpg.” Add an extra image extension to the end of the filename and forward the request.

File upload 46

Once it is submitted, the PHP file will be uploaded successfully. To get a reverse shell connection, set up a multi-handler and click on the “here” hyperlink.

File upload 47

When the PHP file is executed on the server-side, it will create a backdoor and set up a reverse connection with the attacker’s computer providing full root access.

File upload 48

Allowing users to upload executable files such as php, exe, and py is never a good idea. Check the type and extension of the files you’ve uploaded.
Just make the file type you’re looking for. If you want users to be able to upload a profile picture, for example, make sure the extensions are jpg, jpeg, or png and the file type is an image. Enable users to upload only jpg, png, and txt files for their profile picture. Analyze the file and re-create it. Analyze the content of the profile picture, resize it to suit your website, and change the name. They’re using the php-Imagick library to remove metadata and rebuild the image file in the impossible difficulty.

So, double-check the file type and extension, and then recreate the entire image. If a hacker attempts to upload a malicious file, it will be deleted during the recovery process.