Does SmartClient or the server-side Isomorphic file upload implementation support validation of uploaded files other than size and content type?
Example:
I have a simple file upload form and a file is uploaded. I can do validations based on content type to restrict uploads to certain MIME types; however, the upload request can be intercepted in something like BurpSuite and have a script injected.
I can intercept the upload action in BurpSuite and add <script>alert(document.cookie)</script> just after Content-Type; this gets uploaded, and when I try to view the image the script is executed.
Is there a way in SmartClient to detect that the content of the file upload is invalid?
Example BurpSuite Proxy Intercept and Raw Contents Update:
POST /admintool/sc/IDACall?isc_rpc=1&isc_v=v10.1p_2016-08-05&isc_tnum=68 HTTP/1.1
Host: 10.85.22.217:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------276522767322366
Content-Length: 421593
Origin: http://10.85.22.217:8080
Connection: close
Referer: http://10.85.22.217:8080/index.html?locale=en
Cookie: JSESSIONID=node06sg8wjk8kxjw40b1ocnlu78986.node0; isc_cState=ready; GLog=%7B%0A%20%20%20%20trackRPC%3Atrue%2C%20%0A%20%20%20%20isc_pageURL%3A%22http%3A//10.85.22.217%3A8080/index.html%3Flocale%3Den%23ReportConfigurationPane%22%2C%20%0A%20%20%20%20isc_pageGUID%3A%228C53BD06-DC8D-4354-89F4-DA617D69BD4E%22%2C%20%0A%20%20%20%20priorityDefaults%3A%7B%0A%20%20%20%20%20%20%20%20sgwtInternal%3A1%0A%20%20%20%20%7D%2C%20%0A%20%20%20%20defaultPriority%3A3%2C%20%0A%20%20%20%20left%3A-8%2C%20%0A%20%20%20%20top%3A-8%2C%20%0A%20%20%20%20width%3A1600%2C%20%0A%20%20%20%20height%3A800%0A%7D; login_token=v0neqgq3ubvps267elr5uf72ao
Upgrade-Insecure-Requests: 1
-----------------------------276522767322366
Content-Disposition: form-data; name="logo_file"; filename="AMilkyWay.jpg"
Content-Type: image/jpeg
<script>alert(document.cookie)</script>
ÿØÿà
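In the request above, the added text sits in front of the file's real first bytes (ÿØÿà, that is FF D8 FF E0), so a server-side check of the content itself, rather than of the declared Content-Type, catches it. The following is an added example, not part of the original post and not SmartClient code: it uses only the Java standard library, and the class and method names (UploadContentCheck, hasJpegSignature, sanitizeJpeg) are hypothetical.

```java
import java.awt.image.BufferedImage;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.imageio.ImageIO;

public class UploadContentCheck {  // hypothetical name, not a SmartClient class

    /** True only when the bytes begin with the JPEG signature FF D8 FF. */
    static boolean hasJpegSignature(byte[] data) {
        return data.length >= 3 && (data[0] & 0xFF) == 0xFF
                && (data[1] & 0xFF) == 0xD8 && (data[2] & 0xFF) == 0xFF;
    }

    /**
     * Decodes the upload and re-encodes the pixels. The signature check alone
     * would still accept a valid JPEG carrying markup in its metadata;
     * re-encoding stores only image data.
     */
    static byte[] sanitizeJpeg(byte[] upload) throws IOException {
        if (!hasJpegSignature(upload)) {
            throw new IOException("rejected: content does not start with a JPEG signature");
        }
        BufferedImage image = ImageIO.read(new ByteArrayInputStream(upload));
        if (image == null) throw new IOException("rejected: content is not a decodable image");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        if (!ImageIO.write(image, "jpg", out)) throw new IOException("no JPEG writer available");
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a genuine 2x2 JPEG generated in memory.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        ImageIO.write(new BufferedImage(2, 2, BufferedImage.TYPE_INT_RGB), "jpg", buf);
        byte[] genuine = buf.toByteArray();
        // Constructed sample: the same file with the text from the post placed in front.
        byte[] prefix = "<script>alert(document.cookie)</script>\r\n"
                .getBytes(StandardCharsets.US_ASCII);
        byte[] tampered = new byte[prefix.length + genuine.length];
        System.arraycopy(prefix, 0, tampered, 0, prefix.length);
        System.arraycopy(genuine, 0, tampered, prefix.length, genuine.length);

        System.out.println("genuine accepted, stored bytes: " + sanitizeJpeg(genuine).length);
        try {
            sanitizeJpeg(tampered);
        } catch (IOException e) {
            System.out.println("tampered upload " + e.getMessage());
        }
    }
}
```

A check like this belongs on the server after the multipart body has been parsed, since anything enforced in the browser is bypassed by the proxy edit shown in the post. Serving stored files with their real image type and `X-Content-Type-Options: nosniff` also keeps browsers from interpreting image bytes as HTML.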