Interesting Test Cases for File Upload Vulnerabilities

Various interesting test cases for finding vulnerabilities in file upload functionality:
  1. Uploading a file when another file with the same name already exists. This may show interesting error messages that can lead to information disclosure. Logical flaws might also be found if the application renames the new file to keep it on the server.
  2. Upload a directory with the .asp extension, then name the script within the directory with a permitted file extension, for example, folder.asp\file.txt
  3. Uploading a file with a long name. This may show interesting error messages that can lead to information disclosure.
  4. Uploading a file multiple times at the same time. This may show interesting error messages that can lead to information disclosure.
  5. Uploading a “crossdomain.xml” or “clientaccesspolicy.xml” file can make a website vulnerable to cross-site content hijacking.
  6. Upload an XML file multiple times in order to identify any possible processing on the server side.
  7. Uploading files that may not be deleted easily such as “…:.jpg” in NTFS that makes the “…” file
  8. Upload .jsp file into web tree — JSP code executed as the web user
  9. Upload .gif file to be resized — image library flaw exploited
  10. Upload huge files — file space denial of service
  11. Upload file using malicious path or name — overwrite a critical file
  12. Upload file containing personal data — other users access it
  13. Upload file containing “tags” — tags get executed as part of being “included” in a web page
  14. Upload .rar file to be scanned by antivirus — command executed on a server running the vulnerable antivirus software
  15. Use different file names such as .php3, .phtml, shell.p.phpp, shell.txt.jpg.png.asp
  16. Try long file names such as supermassivelongfileeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeename.php
  17. Try to upload with huge file sizes
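
A server-side check for the filename cases in the list above (items 1, 2, 5, 7, 11, 15 and 16), added here as an example that is not part of the original post. The allowlist, the length limit and the function names are assumptions. Content inspection and size limits are outside its scope.

```python
import re
import secrets

# Assumptions for this example: the application only accepts these types,
# and client-supplied names longer than 64 characters are refused.
ALLOWED_EXT = {"jpg", "png", "gif", "txt"}
MAX_NAME_LEN = 64
POLICY_FILES = {"crossdomain.xml", "clientaccesspolicy.xml"}
SCRIPT_EXT = re.compile(r"^(php\d?|phtml|asp|aspx|jsp)$")


def reject_reasons(name: str) -> list:
    """Return why a client-supplied upload name is refused (empty list = accepted)."""
    reasons = []
    if len(name) > MAX_NAME_LEN:
        reasons.append("too-long")
    # Separators or NUL let the name address a directory (folder.asp\file.txt)
    if "/" in name or "\\" in name or "\x00" in name:
        reasons.append("path-separator")
    # ':' selects an NTFS stream; Windows silently drops trailing dots and spaces
    if ":" in name or name != name.rstrip(". "):
        reasons.append("ntfs-special")
    if name.lower() in POLICY_FILES:
        reasons.append("policy-file")
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    # Allowlist the final extension instead of blocklisting .php3, .phtml, ...
    if ext not in ALLOWED_EXT:
        reasons.append("extension-not-allowed")
    # A script extension before the last one can still be honoured by some servers
    if any(SCRIPT_EXT.match(p) for p in parts[1:-1]):
        reasons.append("script-extension-inside-name")
    return reasons


def storage_name(name: str) -> str:
    """Server-chosen name: random stem plus the validated extension only.

    Never reusing the client's stem avoids same-name collisions and overwrites.
    """
    reasons = reject_reasons(name)
    if reasons:
        raise ValueError(f"upload refused: {reasons}")
    return f"{secrets.token_hex(16)}.{name.rsplit('.', 1)[1].lower()}"
```
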
