Unrestricted File upload

In this post, I’ll be teaching you how to upload files with extensions that a website restricts!

Some websites allow us to upload only .pdf files… but to hack them, we may have to upload files with other extensions like .php, .txt, etc., which the website restricts.

So let’s bypass this!!! 😈

For demonstration purposes, I’m gonna use OWASP’s juice-shop……which is an intentionally vulnerable application to try these hacks on.

The download and setup process has been provided in the link below :

https://elements.heroku.com/buttons/rowenahwambui/juice-shop

Once you are done with it….open your browser and enter the below link :

http://localhost:3000

This is a juice shop where you can buy juices (not for real)…..and play around with different things by hacking it!!!

Click on account and hit LOGIN.

The login page will be displayed in front of you….

Click on “Not yet a customer”.

Enter all the details (no original details required!)

And hit REGISTER.

As soon as you register, the login page will be displayed.

Enter the login details with which you just registered and hit the LOGIN button.

Now that you are logged in, click on the three-line burger menu.

This will load up the menu of the web application.

Now, go to the complaints section where we can upload complaint files.

Now click on the browse button to select the complaint file to upload.

Here I tried uploading a text file named – nessus.txt

But the website responded that it accepts only .pdf and .zip files.

Any other file type is forbidden.

NOW THE GAME BEGINS…….

We will force the website to take my nessus.txt file even though it’s forbidden.

First, fire up Burp Suite.

Make sure intercept is on, and configure the browser’s proxy settings so that Burp can intercept the requests from our browser.

Then head back to the website.


Now I have selected a PDF file, danin.pdf, because the website allows us to submit it, and that gives us a request to intercept.

Now hit the SUBMIT button.


Here you can clearly see that the request has a parameter “filename”, which contains the name of our file, and…

a Content-Type set to application/pdf. Both values are sent by the client, so they describe the allowed danin.pdf rather than the nessus.txt we tried to upload, and anything that can edit the request can change them.

So, let’s modify it!!!


I modified the Content-Type to application/text and the filename to nessus.txt

And keep on hitting the FORWARD button at the top right to forward all the requests intercepted and modified.


HURRAY !!!

We did it !!…..we uploaded a text file on the website though it prohibited us from doing that 😁

Similarly we can upload any file with any other extension on to the website by bypassing the restriction!!!
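The bypass works because the filename and Content-Type in the request are whatever the client says they are. Here is the server-side check that closes the gap, as an added example (not code from this post or from juice-shop; the function names and sample bytes are made up for illustration): it allows only the .pdf and .zip types the site advertises and confirms them against the file's leading bytes.

```javascript
// Added example: server-side upload check that does not trust the
// filename or Content-Type sent in the request. Names are hypothetical.
const ALLOWED = new Map([
  // extension -> leading bytes the file body must start with
  [".pdf", Buffer.from("%PDF-", "latin1")],
  [".zip", Buffer.from([0x50, 0x4b, 0x03, 0x04])], // "PK\x03\x04"
]);

// Extension of the last path component, lower-cased ("" if none).
function extensionOf(filename) {
  const base = String(filename).split(/[\\/]/).pop();
  const dot = base.lastIndexOf(".");
  return dot > 0 ? base.slice(dot).toLowerCase() : "";
}

// filename and declaredType come from the multipart part headers (the values
// edited in Burp above); body is the uploaded bytes as a Buffer.
function validateUpload(filename, declaredType, body) {
  const reasons = [];
  const ext = extensionOf(filename);
  const magic = ALLOWED.get(ext);
  if (!magic) {
    reasons.push(`extension "${ext}" is not allowed`);
  } else if (!body.subarray(0, magic.length).equals(magic)) {
    reasons.push(`content does not look like ${ext}`);
  }
  // declaredType is recorded for logging only; it never grants access.
  return { ok: reasons.length === 0, ext, declaredType, reasons };
}

// Constructed sample inputs (not captured from a real request).
const pdfBytes = Buffer.from("%PDF-1.4\n% constructed sample\n", "latin1");
const textBytes = Buffer.from("plain text report\n", "latin1");

const cases = [
  ["danin.pdf", "application/pdf", pdfBytes],   // normal upload
  ["nessus.txt", "application/text", pdfBytes], // tampered request from the post
  ["nessus.pdf", "application/pdf", textBytes], // renamed text file
];
for (const [name, type, body] of cases) {
  const r = validateUpload(name, type, body);
  console.log(name, r.ok ? "accepted" : "rejected: " + r.reasons.join("; "));
}
```

The leading-bytes test is a minimum check, not full content validation; storing uploads under a server-generated name outside the web root is the usual companion to it.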


If you face any kind of issue or need some help with its additional features, feel free to leave a comment or connect with me directly on my Instagram handle, my mail or my WhatsApp group… details of which are mentioned on my home page 🤗

daNiN hacking Tutorials