In this article, we are telling you about file upload vulnerability and How to find File Upload Vulnerability in a website. How to do this attack automatically.
We have already told you about the file path traversal attack, but the file upload vulnerability is different, here we are also telling you how you can find automatic file upload vulnerability.
Here we are telling you all this by doing practical but all this is being told to you for educational purpose, if you get file upload vulnerability in a website, you should never misuse it.
Note- This article is only for educational purpose. Don’t miss use your knowledge and skills.
File Upload Vulnerability ?
Before going practical about File Upload Vulnerability, you have to understand what kind of websites File Upload Vulnerability is found in and said that you get to see this bug.
As you may have seen, we get many such websites where you get the option to upload the file like uploading profile pic, uploading some kind of doc file or uploading any kind of file.
In such a situation, if there is a File Upload Vulnerability, in such a way, hackers can inject many types of payloads with the help of this bug like Cross site scripting attacks payloads can also be injected here.
In such a way, you can understand yourself if you are able to XSS attack on a website, in such a way you can understand how that website can be damaged, in such a way, File Upload Vulnerability can also be a dangerous bug.
Here we are also telling you everything practical as you read this article in the same way you know deeply about File Upload Vulnerability, you can get good bounty to find this bug.
Cross site request forgery attack
Website vulnerability scanner kali linux
Cross origin resource sharing vulnerability
How to find File Upload Vulnerability ?
Now let us tell you that how can we find File Upload Vulnerability in any website, here we are using the burp suite as well as we are also telling you by using the extension in that how you can find File Upload Vulnerability automatically.
Here first you have to import a jar file into burp suite. You are also given a link to download this file, as you can see in the image, you have to download this file first.
After downloading this file, in the option of extender of burp suite, you have to import the file in such a way as you can see in the image here, ignore all the other files here.
After selecting the file here, this file is imported and show in front of you in such a way that you have to do the same process, after that you can use the extensions.
After doing all this, you have to go to the bapp store and you have to install this extension to do File Upload Vulnerability automatically, just like here you can install any extension.
Here we are telling you by doing this practical at the owasp juice shop as you can see here you have to login first, if you do not have an account, then you must first create an account here.
After doing all this, you have to upload the image file here, similarly you also get the option to upload the file on a website in real, here first you must run the burp suite normally.
After doing all this, you get a post request in the burp suite in http history in such a way that you can see in the image, in a similar way you also get a post request.
How to find hidden directories in website
As you can see here, you are getting a file show here, the file which we have uploaded here, in the same way you get a file show here, in some similar way you get to see it in live website too.
After doing all this, you have to right click the post request and send it to the upload scanner. Here the upload scanner tab shows you after installing this extension.
As you can see in the image, here you get many types of modules, you can choose which kind of payloads you have to use, this automatic find File Upload Vulnerability.
Here, in this way, you have to check the option of both uploads and you have to give the address of the image that we have uploaded, how to copy the image address.
After doing all this, you have to click on send redownloader request button, after this you will be able to see you start scan with redownloader button show.
As you can see in the image, you were getting scan without redownloader in the earlier image but after requesting send redownloader you will be able to see you will get scan with redownloader button.
After clicking this button, your attack starts as if you can see in the image, in this way, this extension automatically tries different types of payloads.
As you can see, you are getting different kind of payload here which is being used to find File Upload Vulnerability here, similarly you will get to see different kind of payload in all requests.
Here if you will be able to see you get 200 in response, then you can use that payload to find further File Upload Vulnerability if in this way File Upload Vulnerability is found in a website.
I hope you have come to know about File Upload Vulnerability We have also told you about this bug practically here, you should read this article properly and practice it.
We have told you everything practically here, I hope that you will definitely use this method while doing bug hunting and you will definitely like the method mentioned in this article.
If you find the File Upload bug by using this method, then you also have a lot of ease and you do not have to check the payload injections here and there, there are chances that you get the bug soon.
If you like this article of ours, then you must share it, we have given you many types of articles related to bug bounty earlier, you can also read them like json vulnerabilities owasp, websockets security vulnerabilities.
If you have any question related to File Upload Vulnerability or related to any kind of hacking, in such a way, you can ask us in a comment, share your article, you will get full help from us.
Subscribe to our blog for latest updates
Sharing is Caring
Leave a Reply