Automate file transfer tests – Upload Scanner

"Unrestricted File Upload" is one of my favorite group of web application vulnerabilities. This is because if I can locate this type of security error, it usually leads to remote control of the server. If you can upload images, why not try to upload an executable file on the server side of the :).

As the testing process itself is tedious when encountering an unusual security mechanism, and the number of cases to consider is large , it is worth automating the process. With the help of us here comes a great plugin for Burpa – Upload Scanner.

Uploading files to websites is often an underestimated area of security testing.The surface area of these types of attacks is very large.Only a few of the problems that arise attract a lot of attention of fuses (eg.ImageTragick Vulnerability . Besides them, there are countless vulnerabilities that cause, for example, various types of memory errors. Note that while your REST XML network service may not be susceptible to external XML entity injection (XXE), this does not mean that the image parser used for XMP JPEG metadata (i.e. XML) does not have a problem with XXE.

To determine that the file transfer mechanism implemented is secure, you must check it from different angles. Among other things, correlation behavior depends on the file extension, content type, and content itself.Additionally, the file body should undergo server-side modification tests, such as image size requirements or sizing operations.

The main functionalities of the "Upload Scanner" plugin are:

  1. Investigate server performance for gif, png, jpeg, tiff, pdf, zip, and mp4 files
  2. Investigate server performance to resize an image
  3. Investigate server performance to change image colors
  4. Investigate server performance for exiftool file metadata such as "keywords", "comment", etc.
  5. Investigate server operation for exploits in PHP, JSP, ASP, XXE, SSRF, XXS, and SSI.
  6. Investigate server performance for a combination of file extensions and content types.
  7. Investigate problems through dormant loads, interact with Burp Collaborator, or by re-downloading a file/
  8. In the default configuration, the extension will attempt to upload about 2,000 files.

Quick shortcut to how to use the extension in standard form:

  1. Catch the request to upload the file to the server and redirect it to the plug-in:
send to Upload Scanner

2. Configure the parser to correctly identify the file address on the server after uploading:

Upload Scanner Configuration

3. Start a scan 🙂

Plugin to find in BApp Storze and githubie – UploadScanner

Chcesz wiedzieć więcej?

Zapisz się i bądź informowany o nowych postach (zero spamu!). Dodatkowo otrzymasz, moją prywatną listę 15 najbardziej przydatnych narzędzi (wraz z krótkim opisem), których używam przy testach penetracyjnych.

Nigdy nie podam, nie wymienię ani nie sprzedam Twojego adresu e-mail. W każdej chwili możesz zrezygnować z subskrypcji.

Bookmark the permalink.

Share your opinion about the article.