File Upload
Unrestricted File Upload to RCE
Hello everyone, today I'm going to talk about the file upload vulnerability and its exploitation, which leads to RCE. Before we go to the attack scenario, let's quickly review what it is.
What is File Upload Vulnerability?
A local file upload vulnerability is a vulnerability where an application allows a user to directly upload a malicious file, which is then executed. A remote file upload vulnerability is a vulnerability where an application uses user input to fetch a remote file from a site on the Internet and store it locally.
There are various techniques for uploading a malicious file. I will take you through the basic one, where the attacker can upload any type of file and uploading a web shell leads to RCE.
Risk Factor
If the file upload functionality has not been developed properly, the application will get compromised.
Through weaknesses or flaws in the application, an attacker can gain access to server files.
If there are no restrictions on uploaded files, an attacker can upload a web shell to achieve RCE.
Let’s go for the action!!
Attack scenario
During a recent pen test I came across an unrestricted file upload vulnerability.
As shown in the figure below, it's a file upload functionality where we can upload files with any type of extension, and it accepts and executes them.
If we find that the application accepts a malicious file for upload, we will upload a web shell to get remote code execution.
So simply download the web shell, save it as ".php" and upload the file.
We have successfully uploaded the shell; now we will navigate to where the file has been uploaded. In my case, I simply get the directories where all the uploaded files get saved.
Open the uploaded web shell and BOOOOMM!!!
You will see in the figure below that it leads to RCE, where we can run our commands and check whether they execute or not.
whoami > It displays the username of the current user when this command is invoked.
hostname > It will display the host name of the current system.
ls > The ls command is used to list files or directories.
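The scenario above works because the upload endpoint accepts any extension and the stored file is then executed by the server. As an added example (not part of the original article or the tested application), here is an allowlist check that would reject the ".php" upload; the names ALLOWED and validate_upload and the sample inputs are hypothetical, and PHP's fileinfo extension is assumed to be enabled.

```php
<?php
// Added example: allowlist-based upload validation (not from the original article).
// ALLOWED, validate_upload() and the sample data below are hypothetical.
declare(strict_types=1);

// Allowed extension => MIME type the file content must actually have.
const ALLOWED = [
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'pdf' => 'application/pdf',
];

/**
 * Returns a server-generated storage name, or throws if the upload is rejected.
 * $clientName is the untrusted filename; $bytes is the uploaded content.
 */
function validate_upload(string $clientName, string $bytes): string
{
    // Take the final extension, lower-cased; reject anything off the allowlist.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException("extension not allowed: '$ext'");
    }
    // Detect the type from the content, ignoring any client-sent Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException("content is $mime, expected " . ALLOWED[$ext]);
    }
    // Never reuse the client's name: random name plus the allowlisted extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample uploads (name => content), not real captured data.
$samples = [
    'shell.php'  => "<?php echo 'constructed sample'; ?>",
    'avatar.png' => "plain text, not an image",
    'logo.png'   => "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR" . str_repeat("\x00", 13),
];
foreach ($samples as $name => $bytes) {
    try {
        echo "$name => stored as " . validate_upload($name, $bytes) . PHP_EOL;
    } catch (RuntimeException $e) {
        echo "$name => rejected ({$e->getMessage()})" . PHP_EOL;
    }
}
```

In a real handler the bytes come from the temporary file referenced by $_FILES, and the accepted file is moved with move_uploaded_file() into a directory outside the web root (or one where script execution is disabled), so that a file that slips through validation is still never run by the server.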
Thank you all for spending your precious time reading this article.
Stay tuned for the next attack.