File Handling

By
Manieendar Mohan
Published on
19 Jun 2022

Many web applications are vulnerable to file handling attacks because they fail to properly validate metadata. This may lead to attacks like file inclusion and remote code execution. If an attacker gets access to the file system, they can perform any attack on the server. File system attacks can be exploited due to:-

  • Path Traversal attack
  • Insecure permission
  • Insecure Indexing
  • Unmapped files
  • Temporary files
  • PHP include()
  • File upload
  • Old and unreferenced files

Impact

The impacts include:-

  • File handling attacks
  • Data Breach

Mitigation / Precaution

Beagle recommends the following fixes:-

  • Edit the source code to ensure that input is properly validated
  • Make a list of accepted filenames and restrict the input to that list
  • Restrict file types accepted for upload
  • Change the permissions on the upload folder so the files within it are not executable.
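
The fixes listed above, combined in one upload and include handler. This is an added Python example, not code from the original page or from Beagle Security; the function names, the allowlists and the 0o640 file mode are assumptions chosen for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumed policy values for this example.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".pdf"}             # accepted upload types
ALLOWED_INCLUDES = {"home": "home.html", "about": "about.html"}  # accepted pages
# One name part, one extension: rejects separators, "..", and double extensions.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,8}")


def resolve_include(page: str) -> str:
    """Map a user-supplied key to a fixed filename; input never becomes a path."""
    if page not in ALLOWED_INCLUDES:
        raise ValueError("page not in allowlist")
    return ALLOWED_INCLUDES[page]


def save_upload(upload_dir: Path, filename: str, data: bytes) -> Path:
    """Validate the client-supplied filename, then store it without execute bits."""
    if not SAFE_NAME.fullmatch(filename):
        raise ValueError("filename contains disallowed characters")
    if Path(filename).suffix.lower() not in ALLOWED_EXTENSIONS:
        raise ValueError("file type not accepted")
    root = upload_dir.resolve()
    target = (root / filename).resolve()
    if target.parent != root:                  # path traversal backstop
        raise ValueError("path escapes upload directory")
    # O_EXCL refuses to overwrite an existing file or follow a planted symlink.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(target, 0o640)                    # enforce mode regardless of umask
    return target


if __name__ == "__main__":
    # Constructed sample inputs: one valid upload and several that must be refused.
    with tempfile.TemporaryDirectory() as d:
        for name in ["report.pdf", "../../etc/passwd", "shell.php", "shell.php.jpg"]:
            try:
                print("stored ", save_upload(Path(d), name, b"constructed").name)
            except ValueError as err:
                print("refused", repr(name), "-", err)
```

The upload directory should also be configured in the web server so that nothing inside it is handed to an interpreter; file mode alone does not stop a server that executes scripts by extension.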

Written by
Manieendar Mohan
Cyber Security Lead Engineer