WebShell files uploading techniques
2011. 12. 1. 15:59
I'm going to discuss the different techniques for uploading a web shell file and getting it executed. The techniques I know of are as follows:
1. Insecure HTTP method (PUT methods)
2. Application Flaws / Insecure server configuration (Script execution permission enabled).
3. JBOSS’s jmx-console vulnerability.
4. MySQL-XAMPP/WampServer vulnerability.
5. MS SQL command execution vulnerability.
6. Remote File Inclusion.
1. Insecure HTTP method (PUT methods)
TRACE, CONNECT, DELETE, LOCK and PUT are all HTTP methods that are vulnerable from a security perspective. For more information, go through HTTP/1.1: Method Definitions. I'll only discuss the HTTP PUT method and its exploitability. Automated web scanners often report that the PUT method exists on a web server, but it is not always exploitable. To confirm, do the following: try to upload a file with curl (e.g. curl -T test.txt http://www.sitename.com/foldername ). If the file uploads successfully, upload any web shell file and browse to it. If the uploaded web shell file executes successfully on the target system, you will definitely get full control of the machine (at the level of the logged-in user).
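The upload-then-browse sequence described above leaves a recognizable trail in the web server's access log: an accepted PUT, followed by a request for the same path. The following detection sketch is an added example, not part of the original post; the log lines are constructed samples in the common "combined" format, and the function names, script-extension list and 24-hour window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Dec/2011:15:40:01 +0000] "PUT /foldername/test.txt HTTP/1.1" 201 0 "-" "curl/7.21"
203.0.113.7 - - [01/Dec/2011:15:41:10 +0000] "PUT /foldername/x.php HTTP/1.1" 201 0 "-" "curl/7.21"
198.51.100.9 - - [01/Dec/2011:15:41:30 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Dec/2011:15:42:02 +0000] "GET /foldername/x.php?c=1 HTTP/1.1" 200 87 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Dec/2011:15:50:00 +0000] "PUT /dav/report.doc HTTP/1.1" 403 210 "-" "curl/7.21"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumed list of extensions the server might hand to a script interpreter.
SCRIPT_EXT = (".php", ".asp", ".aspx", ".jsp", ".jspx", ".cgi", ".pl")

def find_put_uploads(log_text, window=timedelta(hours=24)):
    """Return one finding per accepted PUT; flag script files and later fetches."""
    uploads, findings = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["uri"].split("?", 1)[0]  # compare paths without query strings
        status = int(m["status"])
        if m["method"] == "PUT" and status in (200, 201, 204):
            finding = {"path": path, "src": m["ip"], "time": ts,
                       "script": path.lower().endswith(SCRIPT_EXT),
                       "fetched": False}
            uploads[path] = finding
            findings.append(finding)
        elif m["method"] in ("GET", "POST") and status == 200 and path in uploads:
            if ts - uploads[path]["time"] <= window:
                uploads[path]["fetched"] = True
    return findings

def high_risk(findings):
    """Paths of script files that were written with PUT and then requested."""
    return [f["path"] for f in findings if f["script"] and f["fetched"]]

if __name__ == "__main__":
    for f in find_put_uploads(SAMPLE_LOG):
        print(f["time"].isoformat(), f["src"], f["path"], f["script"], f["fetched"])
```

Any accepted PUT on a server that is not meant to offer WebDAV-style publishing deserves a look; a script file that was PUT and then requested is the highest-priority finding.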
2. Application Flaws / Insecure server configuration (Script execution permission enabled)
Sometimes a web application offers file upload functionality. This can be dangerous if the file type is not checked properly and script execution is permitted on the directory the files are uploaded to. Read the scanit’s white paper.
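What checking the file type "properly" can look like on the server side is sketched below as an added example, not code from the original post or the white paper. It assumes an image-only upload policy; the function name, the allowlist and the script-extension list are assumptions made for illustration.

```python
import os
import secrets

# Assumed policy for this example: images only; value = expected leading bytes.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}
# Assumed list of extensions a web server may hand to a script interpreter.
SCRIPT_EXT = {".php", ".phtml", ".asp", ".aspx", ".jsp", ".cgi", ".pl", ".sh"}

class UploadRejected(ValueError):
    """Raised when an upload fails validation."""

def safe_upload_name(client_name, data):
    """Validate an upload and return a server-chosen name to store it under."""
    # Drop any directory part the client sent (both separator styles).
    base = os.path.basename(client_name.replace("\\", "/"))
    if not base or "\x00" in base or base.startswith("."):
        raise UploadRejected("bad file name")
    # Trailing dots and spaces are ignored by some file systems; strip them.
    parts = base.lower().rstrip(". ").split(".")
    # Reject a script extension anywhere in the name (e.g. shell.php.jpg).
    if {"." + p for p in parts[1:]} & SCRIPT_EXT:
        raise UploadRejected("script extension in name")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext == ".jpeg":
        ext = ".jpg"
    magic = ALLOWED.get(ext)
    if magic is None:
        raise UploadRejected("extension not on allowlist")
    # The content must start with the signature that matches the extension.
    if not data.startswith(magic):
        raise UploadRejected("content does not match extension")
    # Never reuse the client's name: store under a random one.
    return secrets.token_hex(16) + ext
```

Name and signature checks cover only the first condition in the paragraph above; the second still has to be handled in the server configuration, by storing uploads outside the web root or in a directory where script execution is disabled.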
3. JBOSS’s jmx-console vulnerability
JBoss Application Server (or JBoss AS) is a free software/open-source Java EE-based application server. Because it is Java-based, the JBoss application server is cross-platform: it is usable on any operating system that supports Java. The default JBoss installation is not secure at all: a few administrative interfaces, such as jmx-console and admin-console (default admin/admin), can be accessed without any authentication. Using those interfaces, JBoss can be hacked within a minute. nRuns published a wonderful white paper on hacking JBoss.
4. MySQL-XAMPP/WampServer vulnerability
For the MySQL-XAMPP/WampServer vulnerability, read the following article: XAMPP/WampServer PHPMySQLAdmin console vulnerability.
5. MS SQL command execution vulnerability
MS SQL Server 2000 is vulnerable to command execution. A nice white paper on the same is available here.
6. Remote File Inclusion
Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. For more information read the following link.
IMPORTANT: This information is for research and academic purposes only! This info is not to be abused! I am not responsible for any damage that you may create!
http://netappsec.blogspot.com/2010/07/web-shell-files-uploading-techniques.html