How Websites Get Hacked With FileUpload Vulnerability?

The vulnerability which we are about to demonstrate in my opinion is the number 1 reason why websites hacked and are exploited further to the server level. When a hacker performs a SQL Injection attack on a website he needs a way to get shell level access and install the PHP backdoor so he can touch other files on server or compromise the server itself if it's vulnerable. If we could secure our uploads and restrict our upload area so that they don't allow it does not allow the upload of other files instead of images we can protect our upload area.

However there is a problem, The PHP files can still be uploaded by various methods. The most common method is by renaming the PHP backdoor to the following and then uploading the shell.

shell.php;.jpg
shell.php.jpg
shell.php..jpg
shell.php.jpg
shell.php.jpg:;
shell.php.jpg%;
shell.php.jpg;
shell.php.jpg;
shell.php.jpg:;

However there is also a method to block the upload of the above files. But there is also another way to bypass it even if the uploading of the files name with the above extension is blocked. We will use tamper data for this purpose.

Step 1

Install http live headers firefox extention, then go to the upload section. Open Live HTTP Headers and upload shell. Now if you try to go to the link where you have your shell uploaded it will give you error (only on some websites) so we will have to change that hidden .php.jpg extension into the .php.

So as we uploaded the shell and opened the Live HTTP Headers you should find where you have uploaded your shell. You will have to find the line where ti writes that you uploaded the shell. Select it and then click on button reply.

Step 2 -

After uploading, find the directory where your fle uploaded, example if you uploaded it in images then it will be in http://website/images/shell.php. The rest of the steps are self explanatory.

How To Protect Your Website from the FileUpload Vulnerability?

That's a separate topic and will be explained in a separate post. However for now I would recommend you to install a third party fileuploading service, Where the file get's uploaded the fileuploading service's server not yours.

About the author :

Minhal Mehdi is a Tech Blogger and Ethical Hacker, He runs a blog http://www.devilscafe.in. where he writes about Exploits and vulnerabllies

Subscribe to our Newsletter and receive updates directly via email - Get Ethical hacking and security tips directly to your inbox. Alternatively you can Join our Hackers Community on Facebook , Google+ and Twitter .

Tags: Website hacking

Kindly Bookmark it and Share it with Friends:

7 comments :

Anonymous said...: Perfectly explained.
Anonymous said...: My frnds fanpage got hacked....
How to get it back or can u hack it.....plz rply.
Chandrasekhar sai on February 20, 2012 at 11:56 AM said...: http://songhut.blogspot.in/ see diz guyzz this may help u
Anonymous said...: Rafay thanks for u r articles

u r articles r very good and well explained

but in this article i am unable to upload the files remotly

with the help of http headers

u may tell that if the vulnerability is there then only it will

i am trying to upload a shell (C99.php) in DVWA (Damn Vulnerable Web Application) but iam not able to upload that.

can u please provide some solution for that
Tech Mafia on March 2, 2012 at 3:08 AM said...: Nice tut....! :D
Ankit Bagaria on March 25, 2012 at 12:44 AM said...: Nice tut.
and can you plz post some tut on windows hacking.
Anonymous said...: THANKS BRO.ITS A PERFECT TUT ---ABHIJEET

7 comments :

Dare to ask? :)

Search This Blog

Download For Free

Learn How To Hack

Monitor Any PC Anywhere

Categories

Stats

Blog Archive

Popular Posts

Recent Comments

About

Join In!