Malicious file upload.
Observation: An attacker can directly upload an executable file, or use a double-extension file, to upload it into the server.
Impact: The web server can be compromised by uploading and executing a web shell, which can run commands, browse system files, browse local resources, attack other servers and exploit local vulnerabilities. This may also result in defacement.
Recommendation: The application should validate the type of file that is uploaded by the user prior to accepting and parsing the file.
Proof of concepts and steps to reproduce:
1. Create one sample file with a ‘.com’ extension on a physical drive.
2. In the created SSIS package, right-click on an empty place and select Logging to create loggings. Then click on the Add button under the ‘Providers and Logs’ tab as shown below.
3. Click on the Configuration dropdown and select New connection. The ‘File Connection Manager Editor’ window will open. Click on the ‘Browse’ button and select the ‘test file .com’ file which was created already.
4. Click on the OK button. Now we can see the .com file under Connection Managers.
Can you please check whether it is really harmful to the application?
Sudhan
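The recommendation in the post is to validate the uploaded file type before accepting it. As an added illustration (not code from the post or from SSIS), here is an upload validator in Python that applies an assumed allowlist of extensions, rejects executable extensions anywhere in the name so that double-extension names like `report.txt.com` are caught, and checks the leading bytes of the content so a renamed executable is not accepted as text:

```python
import os
import re

# Allowlist of extensions the application expects (assumed example policy).
ALLOWED_EXTENSIONS = {"txt", "csv", "log", "xml"}

# Extensions that must never appear anywhere in the name, even as an inner
# component of a double-extension name such as "report.txt.com".
DANGEROUS_EXTENSIONS = {"com", "exe", "bat", "cmd", "ps1", "dll", "scr",
                        "vbs", "js", "asp", "aspx", "php", "jsp"}

# Leading bytes of common executable formats (PE and ELF); a ".txt" upload
# that starts with these is not a text file regardless of its name.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")

# Only plain names: no spaces, no path separators, no control characters.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]+$")


def validate_upload(filename: str, content: bytes) -> tuple:
    """Return (accepted, reason). On any doubt, reject rather than sanitise."""
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or not _SAFE_NAME.match(base):
        return False, "path components or unexpected characters in file name"
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0] or not parts[-1]:
        return False, "missing extension"
    exts = parts[1:]
    # Check every extension component, not just the last one.
    if any(e in DANGEROUS_EXTENSIONS for e in exts):
        return False, "executable extension present (possibly via double extension)"
    if len(exts) > 1:
        return False, "double extension not allowed"
    if exts[0] not in ALLOWED_EXTENSIONS:
        return False, "extension ." + exts[0] + " not in allowlist"
    if content.startswith(EXECUTABLE_MAGIC):
        return False, "content carries an executable signature"
    return True, "ok"
```

The extension and content checks are independent: a file must pass both, so neither a renamed binary nor a harmless-looking double extension gets through.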