3

Using proxy software, I was able to bypass a file upload control file-checking for an ASP.NET system I am pen testing. I noticed they are saving the file into the database as bytes, and it is available for download in my own portal at any time after upload. The thing about this is that no one else can see files I've uploaded (not even administrators). For this specific app, the files are strictly for my convenience.

So I could bypass and upload malicious .exe files, for example. What are the dangers, since obviously I'm not going to upload malicious files to screw myself over? I want to explain the threat to others.

I thought surely if someone were to "force" a user through XSS or CSRF or something to upload a bad file, and then the user sees it and downloads it, that's one problem, but what else? Is it inherently bad to have a malicious .EXE sitting in the database? Perhaps if an admin later reconstructed the files, or if later the business decision came up to have administrators view files (or even if the site becomes social later and you can see other files). But besides all this, what are some possible problems with bypassing a filter check in this case, right now, how the system is currently designed?

Thanks!

NullHypothesis
  • I'm not a security expert, just an interested random person, but could you upload a malicious JS file, give your session to someone else (reverse session hijacking?) and have them download and execute it? The JS file could bypass the same origin policy for anything on their site. – user253751 Mar 22 '14 at 06:54
  • What is reverse session hijacking? I never heard of that one - how do you give your session to someone else? – NullHypothesis Mar 22 '14 at 15:39
  • I've never heard of it either, it's just an idea. IDK if it's actually possible. – user253751 Mar 22 '14 at 22:15

1 Answer

4

No, it's not inherently bad to store a malicious file, as long as no one can execute it. Antivirus software does this all the time when it "quarantines" malware.

Another possible problem that you can highlight to them is that a malicious user can upload illegal content on their service, for example, someone can upload child pornography there and it will create a major legal problem for that company.

xkcd
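The two controls this thread turns on, as an added example that is not part of the original question or answer and not code from the application being tested: a server-side check on the received bytes (the client-side check is what the proxy bypassed), and download headers that keep a stored file from executing in the site's origin. The class name, method names and allowlist are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class UploadPolicy // hypothetical helper, added for illustration
{
    // Assumed allowlist: extension -> bytes the content must start with.
    static readonly Dictionary<string, byte[]> Allowed =
        new Dictionary<string, byte[]>(StringComparer.OrdinalIgnoreCase)
    {
        { ".pdf", new byte[] { 0x25, 0x50, 0x44, 0x46 } }, // "%PDF"
        { ".png", new byte[] { 0x89, 0x50, 0x4E, 0x47 } }, // "\x89PNG"
    };

    // Server-side check on the bytes actually received; the client-sent
    // file name and Content-Type can be rewritten in a proxy.
    public static bool IsAcceptable(string clientFileName, byte[] content)
    {
        string name = clientFileName ?? "";
        int dot = name.LastIndexOf('.');
        string ext = dot >= 0 ? name.Substring(dot) : "";
        byte[] magic;
        if (!Allowed.TryGetValue(ext, out magic)) return false;
        return content != null && content.Length >= magic.Length
            && content.Take(magic.Length).SequenceEqual(magic);
    }

    // Response headers that make the browser save the file rather than
    // render or run it in the site's origin.
    public static Dictionary<string, string> DownloadHeaders(string storedName)
    {
        string safe = new string((storedName ?? "").Where(c => c < 128 &&
            (char.IsLetterOrDigit(c) || c == '.' || c == '-' || c == '_')).ToArray());
        if (safe.Length == 0) safe = "download";
        return new Dictionary<string, string>
        {
            { "Content-Type", "application/octet-stream" },
            { "Content-Disposition", "attachment; filename=\"" + safe + "\"" },
            { "X-Content-Type-Options", "nosniff" },
        };
    }

    public static void Main()
    {
        byte[] exe = { 0x4D, 0x5A, 0x90, 0x00 }; // constructed sample: "MZ" header
        Console.WriteLine(IsAcceptable("report.exe", exe)); // extension not allowed
        Console.WriteLine(IsAcceptable("report.pdf", exe)); // bytes do not match .pdf
    }
}
```

A leading-bytes match only shows the content is consistent with its extension, not that the file is harmless; the download headers are what address the "as long as no one can execute it" condition for content served back from the site.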