If a website allows the user to upload files, it’s usually considered a vulnerability and the server has to do a bunch of checks.
Does it depend on what the server does with the file? If the user uploads a hacking script, but the server is configured to do absolutely nothing with what’s uploaded, how can that script ever run?
And how can a user know what the server is doing with the file? Yeah, trial and error, but trial what, and aren’t there countless things to trial?
A lot of servers have simple configuration settings vulnerable to abuse.
The simplest, and perhaps oldest, example is a PHP service. Some web servers default to just running any PHP script a user requests as long as it can reach it. And if it has the ability to receive an upload and save it, then it has the ability to read the script back later.
So I can just write a virus in PHP, upload it, and then try downloading it again. Except the web server will run the script on its own CPU, and run the virus. Tada, vulnerability! And all you had to do to prevent it was to make sure only files in certain directories were considered legal scripts in the settings.
As another simple example, if I can upload a file to you and you keep it, then I’m in a position to fill your hard drive with garbage by just uploading lots and lots of stuff. Now you can’t save logs, or send alerts, or run some programs, etc. Things start to break down on the inside with no disk space to work. Maybe the anti-virus doesn’t get updated because there’s no room to save the download.
And finally... if other users can download the files I upload, then I can just upload a virus… and use your server to give it to future victims and I can remain anonymous and unknown. It’s your site that falls victim to “this site might try to infect your computer!” alerts from the web browser once the internet catches on. And I just move on to find someone else to host my stuff and the cycle continues.
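A sketch of server-side checks covering the first two problems in the answer above (an uploaded script being executed, and the disk being filled), as an added example that is not part of the original answer. The extension allowlist, size limits and the names `store_upload`, `directory_usage` and `UploadRejected` are assumptions chosen for illustration.

```python
import os
import secrets
from pathlib import Path

# Assumed policy values for this example (not from the original answer).
ALLOWED_EXTENSIONS = {".png", ".jpg", ".pdf", ".txt"}
MAX_FILE_BYTES = 1_000_000      # cap per upload
MAX_TOTAL_BYTES = 2_500_000     # quota for the whole upload store


class UploadRejected(Exception):
    """Raised when an upload violates the storage policy."""


def directory_usage(upload_dir: Path) -> int:
    """Bytes currently used by stored uploads."""
    return sum(p.stat().st_size for p in upload_dir.iterdir() if p.is_file())


def store_upload(data: bytes, client_name: str, upload_dir: Path) -> str:
    """Validate an upload and save it under a server-chosen name.

    upload_dir must live outside any directory the web server treats as
    executable scripts, so a stored file is only ever served back as data.
    """
    # Only the final extension of the client's name is consulted. The name
    # itself is never used as a path, so "../" and "x.php.jpg" have no effect.
    ext = Path(client_name).suffix.lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension {ext!r} not allowed")
    if len(data) > MAX_FILE_BYTES:
        raise UploadRejected("file too large")
    # Quota check: stops one client from filling the disk with many uploads.
    if directory_usage(upload_dir) + len(data) > MAX_TOTAL_BYTES:
        raise UploadRejected("upload quota exhausted")

    stored_name = secrets.token_hex(16) + ext
    target = upload_dir / stored_name
    # O_EXCL: never overwrite an existing file; 0o600: no execute bit.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return stored_name
```

These checks do not inspect file contents, so the third problem in the answer (serving a malicious file to other users) still needs separate handling such as content scanning.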