File Upload Filename issues arise in a web application's file upload function, where the filename and the file contents are sent from the client to the server in a single request or a multi-request handshake. Tainted Filename Read is a vulnerability in which the client-supplied filename is passed directly into the filesystem API. An attacker can supply a relative or absolute path to a sensitive file on the server's file system, potentially forcing the application to read, and possibly reflect back, the contents of that file.
Impact of File Upload Filename
When an attacker can pass in file paths and the application uses that data directly in filesystem API calls, the application may expose sensitive information, including password files and server configuration. If the attacker can specify files outside the application's root directory, such as system file directories, they can discover additional information to further compromise the system.
Java Fixes for File Upload Filename
Several strategies should be employed to protect against file upload read and manipulation.
File Type Checking:
- Check the file size
- Check the MIME type when possible
- Make a whitelist of acceptable file extensions
- Set minimum and maximum file sizes
Randomize Files and Folders:
- Do not let the filename specify the destination directory
- Randomize the filename and keep a mapping between the original filename and the temporary file
Secure Upload Directory:
- Upload files to a specific directory outside both the web root and system-level directories
- Secure the folder with the proper permissions
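The following class is an added example, not code from the original page, that combines the strategies above in Java: extension whitelisting, size bounds, a server-generated random name mapped back to the client-supplied name, an upload directory outside the web root, and a containment check so that neither the write nor the later read ever resolves a client-controlled path. The upload directory path, the allowed extensions and the size limits are assumed values chosen for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class SafeUploadStore {
    // Assumed upload root: outside the web root and outside system directories.
    private static final Path UPLOAD_DIR = Paths.get("/var/app/uploads").toAbsolutePath().normalize();
    private static final Set<String> ALLOWED_EXT = Set.of("png", "jpg", "pdf");   // assumed whitelist
    private static final long MIN_SIZE = 1, MAX_SIZE = 5L * 1024 * 1024;         // assumed bounds
    // Random stored name -> client-supplied name; the client name never reaches the filesystem API.
    private final Map<String, String> nameMap = new ConcurrentHashMap<>();

    // declaredSize is the length measured by the upload framework, not a client header value.
    public String store(String clientFilename, InputStream body, long declaredSize) throws IOException {
        if (declaredSize < MIN_SIZE || declaredSize > MAX_SIZE) throw new IllegalArgumentException("file size out of bounds");
        String ext = extensionOf(clientFilename);
        if (!ALLOWED_EXT.contains(ext)) throw new IllegalArgumentException("file type not allowed");
        // The server, not the client, chooses both the directory and the name.
        String storedName = UUID.randomUUID() + "." + ext;
        Path target = safeResolve(storedName);
        Files.createDirectories(UPLOAD_DIR);
        Files.copy(body, target, StandardCopyOption.REPLACE_EXISTING);
        nameMap.put(storedName, clientFilename);
        return storedName;
    }

    // Read side: only names issued by store() are accepted, so a tainted path is never resolved.
    public InputStream open(String storedName) throws IOException {
        if (!nameMap.containsKey(storedName)) throw new NoSuchFileException(storedName);
        return Files.newInputStream(safeResolve(storedName));
    }

    static Path safeResolve(String name) {
        Path p = UPLOAD_DIR.resolve(name).normalize();
        // Defence in depth: the resolved path must remain inside the upload directory.
        if (!p.startsWith(UPLOAD_DIR)) throw new SecurityException("path escapes upload directory");
        return p;
    }

    static String extensionOf(String name) {
        // Drop any directory components the client sent, then take the last extension, lower-cased.
        String base = name.replace('\\', '/');
        base = base.substring(base.lastIndexOf('/') + 1);
        int dot = base.lastIndexOf('.');
        return (dot < 0 || dot == base.length() - 1) ? "" : base.substring(dot + 1).toLowerCase(Locale.ROOT);
    }
}
```

Directory permissions are not set here because they are platform specific; on POSIX hosts the upload directory should be created with owner-only permissions and without execute bits for the web server's files.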