File Handling

OWASP 2013-A5 OWASP 2017-A6 CAPEC-165 CWE-1219 OWASP PC-C10 WSTG-CONF-03

Many web applications are vulnerable to file handling attacks because they fail to properly validate file names, paths and other file metadata supplied by users. This can lead to file inclusion and remote code execution. Once an attacker gains access to the file system, they can carry out further attacks against the server. File system attacks can be exploited through:

  • Path Traversal attack
  • Insecure permission
  • Insecure Indexing
  • Unmapped files
  • Temporary files
  • PHP include()
  • File upload
  • Old and unreferenced files

Impact

The impacts include:

  • File handling attacks
  • Data Breach

Mitigation / Precaution

Beagle recommends the following fixes:

  • Edit the source code to ensure that input is properly validated
  • Make a list of accepted filenames and restrict the input to that list
  • Restrict file types accepted for upload
  • Change the permissions on the upload folder so the files within it are not executable.
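A concrete form of the first three fixes above (validate the input, allowlist the name, restrict the type), as an added Python example; this is not Beagle's code, and the upload directory, the extension allowlist and the function names are assumptions:

```python
import re
from pathlib import Path
from typing import Optional

# Constructed values for the example: an upload directory and the allowlist of
# extensions the application accepts (both assumptions, not from the page).
UPLOAD_DIR = "/srv/app/uploads"
UPLOAD_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}\.(png|jpg|pdf)")


def resolve_under(base_dir: str, user_path: str) -> Optional[Path]:
    """Resolve a user-supplied relative path so that it cannot leave base_dir.

    Returns the canonical path, or None if the input is empty, absolute,
    contains a NUL byte, or resolves (via '..' or a symlink) outside base_dir.
    """
    if not user_path or "\x00" in user_path or Path(user_path).is_absolute():
        return None
    base = Path(base_dir).resolve()
    # resolve() collapses '..' and follows symlinks, so a link inside base_dir
    # that points elsewhere is also caught by the containment check below.
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


def accept_upload_name(filename: str) -> bool:
    """Allowlist check for an uploaded file's name.

    Only a single safe stem plus one permitted extension is accepted, which
    rejects traversal ('..'), path separators and double extensions alike.
    """
    return UPLOAD_NAME_RE.fullmatch(filename) is not None


if __name__ == "__main__":
    for p in ("reports/q1.pdf", "../../etc/passwd", "/etc/passwd"):
        print(p, "->", resolve_under(UPLOAD_DIR, p))
    for n in ("photo.png", "shell.php", "shell.php.png", "../x.png"):
        print(n, "->", accept_upload_name(n))
```

Store uploads under a name the server generates itself (keeping only the validated extension) and serve them from a directory with execution disabled, as the last fix above describes.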
