This article is geared towards highlighting the security breaches that can spew out when the users are allowed to upload images by virtue of upload forms. Dynamic and interactive websites, that allow end users to upload images, are essential in the modern day internet world for bolstering the efficiency of a diverse range of businesses. However, the probability of malicious users attempting to gain access to the file system of the server hosting these websites increases manifolds as the user is granted access to more functionality. Multitudes of potentially dangerous issues can crop up if the web application resorts to insecure mechanisms for checking image uploads or none whatsoever.
Injection Attacks through Image Uploads
An attacker aims to supply a virulent code into the target system subsequently intending to execute it and file-uploading can serve as a perfect foil for this activity. Most image file formats cater for metadata which makes it easy to embed code in them. With many websites accepting image uploads, and analyzing EXIF information to determine size, date, exposure, resolution, location, owner etc., there is a high risk of an XSS attack or SQL Injection attack if the analyzed information is either inserted into the database or used to extract certain confidential data.
Let’s go through some of the loopholes involved in the process of image uploads and the malicious approaches, techniques and methodologies that can be used by hackers to bypass any security measures associated with image uploads.
1 – Fundamental Implementation for Image Upload
A general approach used for uploading an image file comprises an HTML file creating an interface for the user to upload an image; along with a PHP script file containing the code that handles the request to upload the selected file. Under the fundamental regime, no restrictions are imposed regarding the type of files/images allowed for uploading.
2 – Verification of File Name Extension
Following this approach, web developers tend to develop a blacklist of malicious extensions whereby access is denied to an invalid image file. Hence, a hacker is not able to upload a PHP shell because the extension of the shell is .php which is not a valid image type. However, there could be work around here. A hacker can break the website’s defenses, in this case, by changing the extension of the PHP shell from .php to .jpg or .gif. Hence, the file will be uploaded but since its extension is JPG or GIF, PHP code won’t be executed directly by typing in the URL of shell in the address bar unless .htaccess file has been modified to execute JPG or GIF files as PHP.
3 – Verification of Image File Content
Let’s consider a scenario in which an upload form checks the contents of the image file instead of its extension. This check can be bypassed by injecting malicious PHP code into a valid image file and uploading it as a PHP shell. Using an EXIF editor, PHP code can be added to the comment section of the image and this image can be easily uploaded to an upload form that does not check for the image type. Typing the URL of of the file will execute the PHP code and because PHP code executes on the server the remote shell will be executed on the server that has the malicious image.
Safety Measures
[adsense size='1']
As seen above, there are many ways how a malicious user can use image uploads to perpetrate undesired activities. For this reason, when implementing an image upload form in a web application, one should make sure to follow correct security guidelines and test them properly. Some of the safety measures are given below:
- .htaccess file is defined which allows access to files with valid extensions only and is placed in the server’s parent directory.
- The web server should be configured such that access to uploads directory is denied.
- A random filename is generated for every uploaded file so that even if a malicious user is able to upload a virulent PHP code, determining the name of the file in the uploads folder becomes difficult.
We hope that this article will give you a lot of insight into how injection attacks through uploading images work and what safety measures one can adopt to avoid any precarious situation. Safety is an ever-imperative paradigm and its importance can never be understated. It is essential that both the users as well as the developers be aware of the techniques and methodologies employed by the hackers to achieve their targets. So, whenever you set out to recruit PHP developers and programmers to build interactive and dynamic websites, make sure that they are aware of the vulnerabilities prevalent in PHP. In the modern security paradigm, it becomes essential that every effort is made to ensure the safety of your website. Simultaneously, the users need to ascertain beforehand that the website they are trying to access is safe so that their privacy and sensitive information is not compromised in any way possible.
Gloss