Unsafe File Upload with No Size Limits
Overview of the Vulnerability
Unsafe file uploads occur when the web server fails to sufficiently validate a file's size, type, name, or contents, or fails to restrict what can be done with the file once it has been uploaded. In this case, the application does not validate the size of uploaded files. Because no file size limit is enforced, an attacker can cause a Denial of Service (DoS) against the application by uploading very large files to the server, which may result in outages and slowdowns.
Business Impact
Unsafe file upload can lead to reputational damage for the business due to a loss in confidence from users who are attempting to perform legitimate actions within the application. It can also lead to indirect financial loss due to the downtime of the web server.
Steps to Reproduce
Generate a large file using: {{command}}
Navigate to file upload functionality at: {{URL}}
Upload the large file generated in the first step
Proof of Concept (PoC)
The screenshot below demonstrates the full exploit:
{{screenshot}}
Recommendation(s)
There is no single technique to prevent unsafe file uploads. However, implementing the right combination of defensive measures within the application will prevent or limit the impact. Some best practices include the following:
Allow only specific file types to be uploaded which are dictated by business functionality
Filter and check all content uploaded for viruses. Everything that does not pass strict validation should be discarded
Set a minimum and maximum file size and file name length, ensuring that only alphanumeric characters are accepted and that only a single period is used to separate the file name from the extension.
Don’t display the path of the uploaded file to the end users
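The size and naming controls above, as an added example that is not part of the original report: a small upload validator that reads the body in bounded chunks and aborts as soon as the cap is exceeded, enforces a minimum size, and applies the single-period alphanumeric naming rule with an extension allow-list. The policy values (allowed extensions, 5 MiB cap, 64-character name limit) are constructed for illustration.

```python
import io
import re

# Constructed policy values for this example; set them from business requirements.
ALLOWED_EXTENSIONS = {"png", "jpg", "pdf"}
MIN_SIZE = 1                 # bytes; reject empty uploads
MAX_SIZE = 5 * 1024 * 1024   # 5 MiB hard ceiling per file
MAX_NAME_LEN = 64            # total file name length including the extension
CHUNK = 64 * 1024            # read granularity while enforcing the cap

# Alphanumeric stem, exactly one period, alphanumeric extension.
FILENAME_RE = re.compile(r"^[A-Za-z0-9]+\.[A-Za-z0-9]+$")

class UploadRejected(ValueError):
    """Raised when an upload violates the size or naming policy."""

def validate_filename(name: str) -> str:
    """Return the lower-cased extension if name passes the naming policy."""
    if len(name) > MAX_NAME_LEN or not FILENAME_RE.fullmatch(name):
        raise UploadRejected("filename must be alphanumeric with a single period")
    ext = name.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected("extension ." + ext + " is not permitted")
    return ext

def read_bounded(stream, max_size=MAX_SIZE, min_size=MIN_SIZE) -> bytes:
    """Read the body in chunks and abort as soon as max_size is exceeded,
    so an oversized request is cut off early instead of buffered whole."""
    buf = bytearray()
    while True:
        chunk = stream.read(CHUNK)
        if not chunk:
            break
        buf.extend(chunk)
        if len(buf) > max_size:
            raise UploadRejected("file exceeds %d bytes" % max_size)
    if len(buf) < min_size:
        raise UploadRejected("file is smaller than %d bytes" % min_size)
    return bytes(buf)

def check_upload(name: str, data: bytes):
    """Apply both checks; return (accepted, detail). The detail never
    includes a storage path, only the sanitized extension and size."""
    try:
        ext = validate_filename(name)
        body = read_bounded(io.BytesIO(data))
    except UploadRejected as exc:
        return False, str(exc)
    return True, {"ext": ext, "size": len(body)}
```

In a real handler the stream passed to read_bounded would be the request body, so the cap is enforced while the upload is still in flight rather than after it has been fully received.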
For more information, please see: