Skip to main content

How to Approach Web Application Vulnerability Assessment using Burp Community | Part - 3 | Audit Guidelines | High Impact Web Vulnerability | RCE

Web application file upload RCE are very common and multiple bypasses for the existing mitigations are available. In this part-3 of blog series of how to check the web application vulnerability with Burp Community Edition, I will cover one of the bypass technique. This blog will be very helpful while performing the web application security assessment( VAPT) manually. In this part of the blog, we will cover a file upload vulnerability with High impact severity. Please refer the audit guidelines below


Audit Guideline

Concept- Linux has a file name restriction of 255 characters/bytes. If you attempt to create a file that has more than 255 characters in its name, then it will truncate the characters after that 255 characters. So now we have to upload a file named like this:

fffffffffff......fffffffffff.php.jpeg


where the length of green highlighted part is exactly 255. Uploading this would bypass the extension restriction at the client and server end, but when storing the file at server, that .jpeg will get removed from file name, leaving behind a .php shell file uploaded successfully.




[Disclaimer - For Education Purpose - Case study, attacks' scenarios and audit guidelines on vulnerabilities]

Security blog of the month

Understanding the CISSP Exam Pattern: Is There Negative Marking?

The  Certified Information Systems Security Professional (CISSP)  certification, offered by (ISC)², is one of the most recognized credentials in the cybersecurity industry . It validates an individual’s ability to design, implement, and manage a best-in-class cybersecurity program. Let’s break down the CISSP exam structure and address a common question:  Is there negative marking in the CISSP exam?
Post a Comment
Read more