Description

This plugin will try to expoit insecure file upload forms. One configurable parameter exists:

  • extensions

The extensions parameter is a comma separated list of extensions that this plugin will try to upload. Many web applications verify the extension of the file being uploaded, if special extensions are required, they can be added here. Some web applications check the contents of the files being uploaded to see if they are really what their extension is telling. To bypass this check, this plugin uses file templates located at “plugins/audit/file_upload/”, this templates are valid files for each extension that have a section (the comment field in a gif file for example ) that can be replaced by scripting code ( PHP, ASP, etc ). After uploading the file, this plugin will try to find it on common directories like “upload” and “files” on every know directory. If the file is found, a vulnerability exists.

Plugin type

Audit

Options

Name Type Default Value Description Help
extensions list [‘gif’, ‘html’, ‘bmp’, ‘jpg’, ‘png’, ‘txt’] Extensions that w3af will try to upload through the form. When finding a form with a file upload, this plugin will try to upload a set of files with the extensions specified here.

Source

For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
github-logoPlugin source code
Unittest source code

Dependencies

This plugin has no dependencies.