Skip to main content

How to Approach Web Application Vulnerability Assessment using Burp Community | Part - 3 | Audit Guidelines | High Impact Web Vulnerability | RCE

Web application file upload RCE are very common and multiple bypasses for the existing mitigations are available. In this part-3 of blog series of how to check the web application vulnerability with Burp Community Edition, I will cover one of the bypass technique. This blog will be very helpful while performing the web application security assessment( VAPT) manually. In this part of the blog, we will cover a file upload vulnerability with High impact severity. Please refer the audit guidelines below


Audit Guideline

Concept- Linux has a file name restriction of 255 characters/bytes. If you attempt to create a file that has more than 255 characters in its name, then it will truncate the characters after that 255 characters. So now we have to upload a file named like this:

fffffffffff......fffffffffff.php.jpeg


where the length of green highlighted part is exactly 255. Uploading this would bypass the extension restriction at the client and server end, but when storing the file at server, that .jpeg will get removed from file name, leaving behind a .php shell file uploaded successfully.




[Disclaimer - For Education Purpose - Case study, attacks' scenarios and audit guidelines on vulnerabilities]

Security blog of the month

CVE-2018-12651: Reflected Cross Site Scripting(XSS) in Adrenalin 5.4 HRMS Software | ShiftEmployeeSearch [issue 3 of 5]

As cyber security professional, I come across many various vulnerabilities from critical to low and sometimes informational(How to categorize- CVSS v3 ). Sometime back, I was doing as usual my security assessment activity for a Client (Confidential) for their HRMS web application which was 3rd party software whose vendor was "Adrenalin". CVE ID: CVE-2018-12651 Vulnerability Name: Reflected Cross Site Scripting(XSS) Product: Adrenalin HRMS Affected Version: 5.4 Source: MITRE Credits:    Rishu Ranjan  
Read more