Skip to content

Update: File Upload Sheet < extension bypass examples and config file abuse #2264

Description

@Vishal-HaCkEr1910

What is missing or needs to be updated?

  1. This cheat sheet already has a couple of extension bypass examples (double extensions, null bytes) ,but a few common ones aren't mentioned.
  • case manipulation in ext.
  • alternative extensions tied to the same interpreter.
  1. The sheet doesn't currently mention that an attacker can upload a web server config file (like .htaccess or web.config) into the upload folder . The existing advice to store files outside the webroot already covers this, so it would just be a short note tying the two together near "File Storage Location".

How should this be resolved?

  1. extension bullet points :
  • Case manipulation, e.g. .pHp , .PHP5 , to bypass case-sensitive blocklist filters
  • Alternative extensions tied to the same interpreter eg. .phtml , .phar , .pht for PHP , or .jsp/.jspx , .asp/.aspx for Java/.NET
  1. And add one short sentence under "File Storage Location" noting that
    server config files (.htaccess, web.config) can be uploaded to change
    how a directory is handled , with the existing "store outside the
    webroot" point .

Happy to send a pr if this is not already covered yet.

Metadata

Metadata

Labels

ACK_OBTAINEDIssue acknowledged from core team so work can be done to fix it.UPDATE_CSIssue about the update/refactoring of a existing cheat sheet.

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions