Research Academy
My account Customers About Blog Careers Legal Contact Resellers
Back to all learning paths
PRACTITIONER

File upload vulnerabilities

In this learning path, you'll explore how simple file upload functions can become a vector for severe attacks. You'll learn how to bypass common defense mechanisms to upload a web shell, enabling full control over a vulnerable web server.

Contents

Get started: What are file upload vulnerabilities?

0 of 36

GET STARTED

What are file upload vulnerabilities? 0 of 1

What are file upload vulnerabilities? Get started

What is the impact of file upload vulnerabilities? 0 of 2

What is the impact of file upload vulnerabilities?

What is the impact of file upload vulnerabilities? - Continued

How do file upload vulnerabilities arise? 0 of 2

How do file upload vulnerabilities arise?

How do file upload vulnerabilities arise? - Continued

How do web servers handle requests for static files? 0 of 2

How do web servers handle requests for static files?

How do web servers handle requests for static files? - Continued

Exploiting unrestricted file uploads to deploy a web shell 0 of 2

Exploiting unrestricted file uploads to deploy a web shell

Lab: Remote code execution via web shell upload APPRENTICE

Exploiting flawed validation of file uploads 0 of 5

Exploiting flawed validation of file uploads

Flawed file type validation

Flawed file type validation - Continued

Flawed file type validation - Continued

Lab: Web shell upload via Content-Type restriction bypass APPRENTICE

Preventing file execution in user-accessible directories 0 of 3

Preventing file execution in user-accessible directories

Preventing file execution in user-accessible directories - Continued

Lab: Web shell upload via path traversal PRACTITIONER

Insufficient blacklisting of dangerous file types 0 of 7

Insufficient blacklisting of dangerous file types

Overriding the server configuration

Overriding the server configuration - Continued

Lab: Web shell upload via extension blacklist bypass PRACTITIONER

Obfuscating file extensions

Obfuscating file extensions - Continued

Lab: Web shell upload via obfuscated file extension PRACTITIONER

Flawed validation of the file's contents 0 of 3

Flawed validation of the file's contents

Flawed validation of the file's contents - Continued

Lab: Remote code execution via polyglot web shell upload PRACTITIONER

Exploiting file upload race conditions 0 of 4

Exploiting file upload race conditions

Exploiting file upload race conditions - Continued

Race conditions in URL-based file uploads

Race conditions in URL-based file uploads - Continued

Exploiting file upload vulnerabilities without remote code execution 0 of 3

Exploiting file upload vulnerabilities without remote code execution

Uploading malicious client-side scripts

Exploiting vulnerabilities in the parsing of uploaded files

Uploading files using PUT 0 of 1

Uploading files using PUT

How to prevent file upload vulnerabilities 0 of 1

How to prevent file upload vulnerabilities