Skip to main content

How to Approach Web Application Vulnerability Assessment using Burp Community | Part - 3 | Audit Guidelines | High Impact Web Vulnerability | RCE

Web application file upload RCE are very common and multiple bypasses for the existing mitigations are available. In this part-3 of blog series of how to check the web application vulnerability with Burp Community Edition, I will cover one of the bypass technique. This blog will be very helpful while performing the web application security assessment( VAPT) manually. In this part of the blog, we will cover a file upload vulnerability with High impact severity. Please refer the audit guidelines below


Audit Guideline

Concept- Linux has a file name restriction of 255 characters/bytes. If you attempt to create a file that has more than 255 characters in its name, then it will truncate the characters after that 255 characters. So now we have to upload a file named like this:

fffffffffff......fffffffffff.php.jpeg


where the length of green highlighted part is exactly 255. Uploading this would bypass the extension restriction at the client and server end, but when storing the file at server, that .jpeg will get removed from file name, leaving behind a .php shell file uploaded successfully.




[Disclaimer - For Education Purpose - Case study, attacks' scenarios and audit guidelines on vulnerabilities]

Popular posts from this blog

Start from 0 to Zero Day in cyber security world | Cyber Security Common Terms | Introduction

"Today I have read Hacker attacked the cyber security world with new attack. Who is Hacker? What is cyber security?" These type of news is very common now-a-day and same question comes to your mind. So this article is for newbie like you or person who want to know cyber security from scratch and related words or terms used. (This list will be updated regularly)