
    File Upload Validation

    Does SmartClient or Server Side Isomorphic file upload implementation support validations of uploaded files other than size and content type?

    Example:

    I have a simple File Upload Form and a file is uploaded. I can do validations based on content type to restrict uploads to certain MIME types; however, the upload request can be intercepted in something like BurpSuite and then have some script injected.


    I can intercept the upload action in BurpSuite and add <script>alert(document.cookie)</script> just after Content-Type; this gets uploaded, and when I try to view the image the script is executed.

    Is there a way in SmartClient to detect that the content of the file upload is invalid?

    Example BurpSuite Proxy Intercept and Raw Contents Update:

    POST /admintool/sc/IDACall?isc_rpc=1&isc_v=v10.1p_2016-08-05&isc_tnum=68 HTTP/1.1
    Host: 10.85.22.217:8080
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: multipart/form-data; boundary=---------------------------276522767322366
    Content-Length: 421593
    Origin: http://10.85.22.217:8080
    Connection: close
    Referer: http://10.85.22.217:8080/index.html?locale=en
    Cookie: JSESSIONID=node06sg8wjk8kxjw40b1ocnlu78986.node0; isc_cState=ready; GLog=%7B%0A%20%20%20%20trackRPC%3Atrue%2C%20%0A%20%20%20%20isc_pageURL%3A%22http%3A//10.85.22.217%3A8080/index.html%3Flocale%3Den%23ReportConfigurationPane%22%2C%20%0A%20%20%20%20isc_pageGUID%3A%228C53BD06-DC8D-4354-89F4-DA617D69BD4E%22%2C%20%0A%20%20%20%20priorityDefaults%3A%7B%0A%20%20%20%20%20%20%20%20sgwtInternal%3A1%0A%20%20%20%20%7D%2C%20%0A%20%20%20%20defaultPriority%3A3%2C%20%0A%20%20%20%20left%3A-8%2C%20%0A%20%20%20%20top%3A-8%2C%20%0A%20%20%20%20width%3A1600%2C%20%0A%20%20%20%20height%3A800%0A%7D; login_token=v0neqgq3ubvps267elr5uf72ao
    Upgrade-Insecure-Requests: 1

    -----------------------------276522767322366
    Content-Disposition: form-data; name="logo_file"; filename="AMilkyWay.jpg"
    Content-Type: image/jpeg
    <script>alert(document.cookie)</script>
    ÿØÿà
    Last edited by malcolm.pereira; 9 Apr 2020, 11:13.

    #2
    If someone has control over the intervening network, there are thousands of such attacks, not restricted to file upload. To prevent this, use HTTPS. There is no other way.

    As far as the more general question - you can add DMI logic that inspects the file data.
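
One way to do the file-data inspection suggested in reply #2, as an added example (not code from the thread or from SmartClient): plain Java that a server-side DMI method could call with the uploaded bytes. It uses no SmartClient API; how the bytes are obtained from the upload is assumed and not shown, and the class and method names are hypothetical.

```java
import java.awt.image.BufferedImage;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.imageio.ImageIO;

// Added example; class and method names are hypothetical, not SmartClient API.
public final class UploadedJpegCheck {

    // A JPEG stream begins with the SOI marker FF D8, then another FF marker byte.
    static boolean startsWithJpegMagic(byte[] data) {
        return data.length >= 3 && (data[0] & 0xFF) == 0xFF
            && (data[1] & 0xFF) == 0xD8 && (data[2] & 0xFF) == 0xFF;
    }

    // Returns freshly encoded JPEG bytes, or null when the upload is rejected.
    // Store and serve only the returned bytes, never the original upload.
    static byte[] validateAndReencode(byte[] data) {
        if (data == null || !startsWithJpegMagic(data)) return null;
        try {
            BufferedImage img = ImageIO.read(new ByteArrayInputStream(data));
            if (img == null) return null; // no image decoder accepted the bytes
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            return ImageIO.write(img, "jpg", out) ? out.toByteArray() : null;
        } catch (IOException | RuntimeException e) {
            return null; // truncated or corrupt image data
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a valid 8x8 JPEG generated in memory.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        ImageIO.write(new BufferedImage(8, 8, BufferedImage.TYPE_INT_RGB), "jpg", buf);
        byte[] good = buf.toByteArray();

        // Constructed sample shaped like the request in post #1: markup in
        // front of the JPEG bytes, still labelled image/jpeg by the client.
        byte[] prefix = "<script>alert(document.cookie)</script>\r\n"
            .getBytes(StandardCharsets.US_ASCII);
        byte[] bad = new byte[prefix.length + good.length];
        System.arraycopy(prefix, 0, bad, 0, prefix.length);
        System.arraycopy(good, 0, bad, prefix.length, good.length);

        System.out.println("clean upload accepted: " + (validateAndReencode(good) != null));
        System.out.println("prefixed upload accepted: " + (validateAndReencode(bad) != null));
    }
}
```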



      #3
      Thank you, that was really quick, appreciate your response
