Disclaimer: This post is not sponsored by Metadefender, Cloudinary or AWS S3 but is recommended as one simple solution.

File upload attacks occur in 2 stages. The first stage is to attempt to upload file which contains malicious code and the second stage is to find a way to execute malicious code from that file.

You can find a simple working example here: https://shahjerry33.medium.com/remote-code-execution-via-exif-data-im-dangerous-43557d7f3e7a

Risks

The risks associated with unrestricted file upload and eventual remote code execution range from anything between simple defacement of a website to a complete system takeover.

Tips To Protect Against File Upload Attacks

  1. You have to deny file listing , patch vulnerabilities and combinations of vulnerabilities in file listing that can allow the attacker to execute the uploaded payload.
  2. Find vulnerabilities in libraries that are handling your uploaded files
  3. Add more safeguards like checking content-type and file extension.
  4. Filter out special characters from filenames and extension.
  5. Follow the best security practices for your web server. For example for Microsoft IIS
  6. You need to make sure only authenticated users are allowed to upload files
  7. You need to ensure that you have a malware scanner or antivirus examine not only the file but also the file system and network for suspicious activity.
  8. You need to randomize the filename once they are uploaded to make it harder to be executed.
  9. Disable verbose errors on the web user interface and instead give simple errors when a file upload fails.

There many more ways in which attacks can be executed and be prevented. A more comprehensive documentation can be found at https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload

Simple Alternative

There are many ways in which you can be attacked and prevent the attacks. Keeping updated and providing securing file uploads can easily take up a massive amount of time for you as a developer or website owner. That is why you could alternatively use a third party service like Metadefender, AWS S3 and Cloudinary.

Of course, there are costs associated with using third party services but in reality it will take only one attack to cause more damage than the costs being paid to the third party services.

The developers working at those companies are continuously working on patching security vulnerabilities while you will be able to focus on improving your business.