File upload

1. Webshell via File Upload on ecjobs.starbucks.com.cn

Summary:

An attacker can exploit a file upload vulnerability on the Starbucks job site to run harmful
commands on the server, leading to the exposure of sensitive information.

What Happens:

1. File Upload: The attacker finds that they can upload files with certain types
(like .asp) by adding a space at the end of the file name to bypass restrictions.
2. Executing Commands: After uploading a malicious file, the attacker can execute
operating system commands on the server, allowing them to list files and access
internal directories.
3. Accessing Sensitive Information: By running commands, the attacker can view
sensitive data, including source code and user information.

Impact:

This vulnerability can lead to serious issues, such as:

• Disclosure of internal source code.

• Exposure of sensitive user information.
• Potential compromise of the server and its internal network.

Recommendations:

To fix this vulnerability, the site should:

• Strictly limit allowed file types (e.g., only accept .jpg, .png, .gif).
• Improve code security to prevent such exploits.

2. Unrestricted File Upload on https://app.lemlist.com

 • A file upload vulnerability occurs when a website allows users to upload files
without proper checks.
• An attacker uploads an HTML file instead of a regular image or text file.
• The website doesn’t block this file type, letting the attacker bypass restrictions.
• They can get a link to the uploaded file and share it with others.
• If someone visits this link, it can lead to changes on the website.

3. Unrestricted File Upload at ██████████

The endpoint "████████" enables unrestricted file uploads, meaning anyone on the
internet, without registration, can upload any type of file. This poses a security risk as
unauthorized users could upload potentially harmful or malicious files without
restriction.

4. Unrestricted File Upload Results in Cross-Site Scripting Attacks

There was a security problem on the Uber Eats restaurant signup page. Attackers could
upload any kind of file, including ones with harmful HTML code. Because the site
showed these files directly in the browser, the harmful code could run and cause issues,
like stealing information from users. This is known as cross-site scripting (XSS).

• Uber | Report #1005355 - Unrestricted File Upload Results in Cross-Site Scripting

Attacks | HackerOne

5. Unrestricted File Upload

A Navy system had a file upload tool accessible from the Internet. This would have
permitted an attacker to upload malicious files and potentially execute code on the
server

6. Unrestricted file upload on the image of contacts

• What Happened: When you upload a picture for a contact in Nextcloud, it lets
you upload any kind of file, not just pictures.
• Testing: Someone tested it by uploading a file called "SimpleCrackMe.exe," which
is a type of program, and it worked.
• Risk: This is a problem because someone could upload harmful files like viruses.
7. Unrestricted Upload of File with Dangerous Type

• Issue Identified: A security researcher found a problem with an older part of the
system (called a legacy API) that lets users upload images.
• Dangerous File Upload: The researcher was able to upload a file type that is
considered dangerous, meaning it could be harmful (like an executable file or
malware).
• Direct Upload to CDN: The file was uploaded directly to a Content Delivery
Network (CDN), which is a service that stores and delivers files quickly.
• MIME Type: The correct MIME type (which tells the system what kind of file it is)
was set, allowing the upload to go through without any checks.

8. Unrestricted file upload - cloudacademy.informatica.com

Informatica | Report #253202 - Unrestricted file upload - cloudacademy.informatica.com

| HackerOne

9. Unrestricted File Upload on https://my.stripo.email

1. Create an account in "https://my.stripo.email"
2. Simply Download a php shell from internet and open with text editor. ex: r57 shell
3. Then save it as JPEG file.
4. Go back to your stripo account and click on your profile icon on the top right corner
of the website and go to show profile. (Try saving it as default .php document it does
not let you to upload the php malicious shell )
5. Upload your shell saved as JPEG as profile picture.
6. After that this message will pop up on the screen "User icon has been saved".

10. Missing "size check" on files to upload could make memory leaks.

• File Upload Issue: The Uzbey website allows users to upload pictures, but it
doesn’t check the size of the files being uploaded.
• Large Files: A user tested this by trying to upload a very large file (2.52 GB) and
noticed that there were no error messages, even though the file was too big.
 • Slowdown: Because of this, the website became slow and hard to access. The
user couldn’t connect to the site afterward.
• Risk of Attacks: This issue could let someone upload huge files on purpose to
crash the website (this is called a Denial of Service or DoS attack) or cause other
problems with the server's memory.

11. Unrestricted file upload (RCE)

• User Control: An admin user can upload files to any location on the server
without any checks.
• No File Type Restrictions: The system doesn’t limit what kind of files can be
uploaded, allowing potentially harmful files to be uploaded.
• No Size Limits: There are no limits on file sizes, which could lead to the server
running out of resources (causing a Denial of Service, or DoS).