Web: RCE, File Uploads and Deserialization
This week we look at three more topics related to web-based security.
We will be focusing on a type of attack called Remote Code Execution (RCE). This is where an attacker is able to run commands on the remote server. Depending on the configuration, this can lead to the attacker gaining full access to the server itself. Generally, this occurs because users are able to either upload files to the server or read files contained on it.
First we look at file uploads. Allowing users to upload files to a site can introduce a new attack vector. If we do not correctly filter the files, or check for malicious code within them, then it may be possible for a user to upload an exploit.
The second topic is what are known as "File Includes" attacks. This is where a user is able to "include" the content of another file within a web page. While this can have a similar effect to attacks like XSS (by including a file containing JavaScript), the user may also be able to include files from elsewhere on the filesystem. This can lead to other exploits being triggered, or to information disclosure.
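One way to guard a file-include parameter on the server side, shown as an added example that is not part of the original course material. The function name `resolve_include`, the `pages` directory and the request strings are all constructed for illustration.

```python
import os
import tempfile

class IncludeRejected(Exception):
    """Raised when a requested include is outside the permitted set."""

def resolve_include(base_dir, requested, allowed_ext=(".html",)):
    """Return the real path of `requested` if it is a regular file inside base_dir."""
    if "\x00" in requested:
        raise IncludeRejected("NUL byte in name")
    if "://" in requested:
        raise IncludeRejected("remote includes are not permitted")
    if os.path.splitext(requested)[1].lower() not in allowed_ext:
        raise IncludeRejected("extension not permitted")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so the containment check is
    # made on the file that would really be opened, not on the user's string.
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise IncludeRejected("path escapes the include directory")
    if not os.path.isfile(target):
        raise IncludeRejected("no such page")
    return target

def demo():
    """Run constructed requests against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        pages = os.path.join(root, "pages")
        os.mkdir(pages)
        with open(os.path.join(pages, "about.html"), "w") as fh:
            fh.write("<h1>About</h1>")
        with open(os.path.join(root, "secret.html"), "w") as fh:
            fh.write("outside the include directory")
        requests = ["about.html", "../secret.html", "/etc/passwd",
                    "http://example.test/x.html", "about.html\x00.png",
                    "missing.html"]  # constructed sample inputs
        for name in requests:
            try:
                resolve_include(pages, name)
                results[name] = "served"
            except IncludeRejected as exc:
                results[name] = str(exc)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(repr(name), "->", outcome)
```

Only the first request is served; every other one is rejected before any file is opened.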
Lab
- Image upload filters
- Include attacks