Task #12580
Task #12556: Pentest - 2nd Assessment [2021]
Pentest_CDB - [POTENTIAL] Malicious File Upload [LOW]
| Status: | Rejected - End of life cycle | Start date: | November 09, 2021 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | Najmi Pasarudin | % Done: | 0% |
| Category: | Penetration Test Issue | Spent time: | - |
| Target version: | - | | |
Description
Uploaded files represent a significant risk to applications. Many business processes allow users to upload files to the application server. Although many sites implement simple restrictions based on a list of permitted (or blocked) extensions, this is not sufficient to prevent attackers from uploading legitimate file types that contain malicious content.
The application may allow upload of malicious files that include exploits, without submitting them to malicious file scanning.
Solution suggested by LGMS:
- Run the file through an antivirus or a sandbox if available to validate that it doesn't contain malicious data.
- Store the files on a different server. If that's not possible, store them outside of the webroot. In the case of public access to the files, use a handler that gets mapped to filenames inside the application (someid -> file.ext).
Affected Module and URL:
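The handler-mapping approach suggested above (someid -> file.ext), as an added Python sketch that is not part of this ticket or of the CDB application: uploads are written outside the webroot under a random id, the original filename survives only as metadata, and a pluggable scanner runs before anything is stored. The store path, the function names and the text-only scanner are assumptions; in production the scanner would be the antivirus or sandbox the ticket recommends.

```python
import json
import os
import secrets
import tempfile
from pathlib import Path
from typing import Callable, Tuple


def text_only_scan(data: bytes) -> bool:
    """Stand-in for the AV/sandbox check (assumption): accept only printable UTF-8 text,
    which is what a bulk-payment or enrollment upload is expected to be."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return all(ch.isprintable() or ch in "\r\n\t" for ch in text)


class UploadStore:
    """Files live under `root`, a directory outside the webroot (assumed layout)."""

    def __init__(self, root: Path, scanner: Callable[[bytes], bool]):
        self.root = root
        self.scanner = scanner  # returns True when the content is considered clean
        self.root.mkdir(parents=True, exist_ok=True)

    def save(self, original_name: str, data: bytes) -> str:
        if not self.scanner(data):
            raise ValueError("upload rejected by content scan")
        file_id = secrets.token_hex(16)  # opaque id; the client never chooses the path
        (self.root / file_id).write_bytes(data)
        # basename() drops any directory components the client supplied
        meta = {"name": os.path.basename(original_name), "size": len(data)}
        (self.root / (file_id + ".json")).write_text(json.dumps(meta))
        return file_id

    def open(self, file_id: str) -> Tuple[str, bytes]:
        """Resolve an id back to (original name, content); refuse anything but a hex token."""
        if len(file_id) != 32 or any(c not in "0123456789abcdef" for c in file_id):
            raise KeyError("unknown file id")
        path = self.root / file_id
        if not path.is_file():
            raise KeyError("unknown file id")
        meta = json.loads((self.root / (file_id + ".json")).read_text())
        return meta["name"], path.read_bytes()


def new_temp_store() -> UploadStore:
    """Store rooted in a fresh temporary directory, standing in for the out-of-webroot path."""
    return UploadStore(Path(tempfile.mkdtemp()), text_only_scan)
```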
[Auto Debit - File Upload - Enrollment]
https://10.10.55.34:9444/bsn-cdb-uat/ib126_ibAutoDebitEnrollmentFileUploadConfirm.action
[Auto Debit - File Upload - Billing]
https://10.10.55.34:9444/bsn-cdb-uat/ib126_ibAutoDebitBillingFileUploadConfirm.action
[Auto Debit - Data Entry - Enrollment Edit Data]
https://10.10.55.34:9444/bsn-cdb-uat/ib126_ibAutoDebitEnrollmentDataEntryEditDataDetail.action?isEdit=true
[Auto Debit - Data Entry - Billing Edit Data]
https://10.10.55.34:9444/bsn-cdb-uat/ib126_ibAutoDebitBillingDataEntryEditDataDetail.action?isEdit=true
[Bulk Payment - File Upload]
https://10.10.55.34:9444/bsn-cdb-uat/ib127_ibAutoCreditFileUploadConfirm.action
[Bulk Payment - Data Entry]
https://10.10.55.34:9444/bsn-cdb-uat/ib127_ibAutoCreditDataEntryEditDataDetail.action?isEdit=true
[Statutory Body - LHDN - LHDN File Upload]
https://10.10.55.34:9444/bsn-cdb-uat/ib132_ibStatutoryBodyLHDNFileUploadConfirm.action
[Statutory Body - LHDN - LHDN Data Entry]
https://10.10.55.34:9444/bsn-cdb-uat/ib132_ibStatutoryBodyLHDNDataEntryEditDataDetail.action?isEdit=true
Related issues
History
#1 Updated by Nurul Athira Abdul Rahim over 2 years ago
- Status changed from New - Begin Life Cycle to Development / Work In Progress
Kindly review the fixes, as the new pentest (March,9,20202) result status stated "not solved".
#2 Updated by Najmi Pasarudin 6 months ago
- Status changed from Development / Work In Progress to Rejected - End of life cycle
Currently not possible to scan file upload with anti-virus