Description
This plugin will try to exploit insecure file upload forms. One configurable parameter exists:
- extensions
The extensions parameter is a comma-separated list of extensions that this plugin will try to upload. Many web applications verify the extension of the file being uploaded; if special extensions are required, they can be added here. Some web applications also check the contents of the uploaded file to see whether it really is what its extension claims. To bypass this check, this plugin uses file templates located at "plugins/audit/file_upload/"; these templates are valid files for each extension that have a section (the comment field in a GIF file, for example) that can be replaced by scripting code (PHP, ASP, etc.). After uploading the file, this plugin will try to find it in common directories like "upload" and "files" under every known directory. If the file is found, a vulnerability exists.
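As an added example (not code from the w3af plugin or its templates), the following Python walks the block structure of a GIF89a file: it shows that a check of the leading magic bytes says nothing about the comment extension block the description mentions, and rebuilds the file without comment and application blocks, which is the server-side mitigation for uploads that are really only re-labelled images. The sample GIF and the function names (`gif_blocks`, `gif_comments`, `strip_gif_metadata`) are constructed for this example.

```python
GIF_MAGIC = (b"GIF87a", b"GIF89a")          # all a "magic bytes" check ever looks at
COMMENT, APPLICATION = 0xFE, 0xFF           # extension labels whose payload is free-form bytes

def _subblocks(payload: bytes) -> bytes:    # pack into length-prefixed sub-blocks + 0x00 end
    chunks = [payload[i:i + 255] for i in range(0, len(payload), 255)]
    return b"".join(bytes([len(c)]) + c for c in chunks) + b"\x00"

def _read_subblocks(data: bytes, i: int) -> tuple[bytes, int]:  # inverse of _subblocks
    out = bytearray()
    while data[i]:
        out += data[i + 1:i + 1 + data[i]]
        i += 1 + data[i]
    return bytes(out), i + 1                # offset just past the 0x00 terminator

def _color_table_len(packed: int) -> int:   # bytes in a colour table announced by a packed byte
    return 3 * (2 << (packed & 7)) if packed & 0x80 else 0

def gif_blocks(data: bytes):
    """Yield (introducer, label, start, end, payload) for each block after the screen descriptor."""
    if data[:6] not in GIF_MAGIC:
        raise ValueError("not a GIF")
    i = 13 + _color_table_len(data[10])     # 6-byte header + 7-byte LSD + global colour table
    while data[i] != 0x3B:                  # 0x3B is the trailer
        start, introducer = i, data[i]
        if introducer == 0x21:              # extension: one label byte, then sub-blocks
            label = data[i + 1]
            payload, i = _read_subblocks(data, i + 2)
        elif introducer == 0x2C:            # image: 9-byte descriptor, LCT, LZW code size, data
            label = None
            payload, i = _read_subblocks(data, i + 11 + _color_table_len(data[i + 9]))
        else:
            raise ValueError(f"unexpected block 0x{introducer:02x} at offset {start}")
        yield introducer, label, start, i, payload
    yield 0x3B, None, i, i + 1, b""

def gif_comments(data: bytes) -> list[bytes]:   # the field the plugin's templates leave room for
    return [p for intro, label, _s, _e, p in gif_blocks(data) if intro == 0x21 and label == COMMENT]

def strip_gif_metadata(data: bytes) -> bytes:   # drop comment/application blocks, keep pixel data
    out = bytearray(data[:13 + _color_table_len(data[10])])
    for intro, label, start, end, _p in gif_blocks(data):
        if not (intro == 0x21 and label in (COMMENT, APPLICATION)):
            out += data[start:end]
    return bytes(out)

SAMPLE_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00"       # constructed sample: header + LSD (1x1, GCT)
              + b"\x00\x00\x00\xff\xff\xff"               # 2-entry global colour table
              + b"\x21\xfe" + _subblocks(b"constructed comment")   # comment extension block
              + b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"  # image descriptor, no LCT
              + b"\x02\x02\x44\x01\x00\x3b")               # LZW min code size, pixel data, trailer
```

The sample passes the magic-bytes test with its comment block intact; after `strip_gif_metadata` it is still a valid GIF with the same pixels and no room for foreign content, which is what an upload handler should store (or, better still, re-encode).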
Plugin type
Options
Name | Type | Default Value | Description | Help |
extensions | list | ['gif', 'html', 'bmp', 'jpg', 'png', 'txt'] | Extensions that w3af will try to upload through the form. | When finding a form with a file upload, this plugin will try to upload a set of files with the extensions specified here. |
Source
For more information about this plugin and the associated tests, there is always the source code to understand exactly what is under the hood:
Plugin source code
Unittest source code
Dependencies
This plugin has no dependencies.