File operation protection

1、 File upload vulnerability

         On the Internet , We often use the file upload function , For example, upload a custom image ; Share a video or photo ; An attachment is attached when posting on the Forum ; Attach attachments when sending mail , wait .

         The file upload function itself is a normal business requirement , For websites , In many cases, users do need to upload files to the server . therefore “ Upload files ” There's nothing wrong with it , But the problem is that after the file is uploaded , What to do with the server 、 Explanatory documents . If the processing logic of the server is not secure enough , Will lead to serious consequences .

         File upload vulnerability means that the user uploads an executable script file , And through this script file to obtain the ability to execute server-side commands . This kind of attack is the most direct and effective , Sometimes there is little technical threshold .

Common security problems caused by file upload are ：

• The upload file is Web Scripting language , Server's Web The container interprets and executes the script uploaded by the user , Causes code execution ;
• Upload file is virus 、 Trojan files , Hackers are used to trick users or administrators into downloading and executing ;
• The upload file is a phishing image or an image that contains a script , It will be executed as a script in some versions of browsers , Used for fishing and fraud .

in the majority of cases , File upload vulnerabilities generally refer to “ Upload Web Scripts can be parsed by the server ” The problem of , That is to say web shell The problem of . To complete this attack , To meet the following requirements

Conditions ：

         First , Uploaded files can be Web Container interpretation execution . So the directory where the file is uploaded is Web Path covered by container .

         secondly , Users are able to access from Web Access this file on . If the file is uploaded , But users can't get through Web visit , Or can't make Web The container interprets the script , Then it can't be called a vulnerability .

         Last , If the files uploaded by users are checked for security 、 format 、 Image compression and other functions change the content , It can also lead to unsuccessful attacks .

Solution ：

1. Check the extension white list of uploaded files , Not on the white list , Upload is not allowed .
2. The directory of the uploaded file must be http The request cannot directly access . If you need access to , Must upload to other （ and web Different servers ） Under domain name , And set the directory as an executable directory .
3. The file name and directory name to be saved are generated by the system according to the time , Do not allow user customization .
4. Image upload , To be processed （ thumbnail 、 Watermark, etc ）, No exception can be saved to the server .
5. Uploading files requires logging .

2、 File download and directory browsing vulnerability

         It is caused by the lack of rigor in program design and coding , A good design should be ： Users are not allowed to submit any file path for download , Instead, the user clicks the download button to deliver by default ID To the background program .

         File download and directory browsing vulnerability ：File download and Directory traversal, Arbitrary file download attack and directory traversal attack .

         When processing a user request to download a file , Allow users to submit arbitrary file paths , And send the corresponding file on the server directly to the user , This will cause the threat of arbitrary file download . If you ask the user to submit the file directory address , Send the list of files in the directory to the user , Will cause directory traversal security threats .

         Malicious users will change directory or file addresses , Download sensitive files on the server 、 Database link profile 、 Website source code, etc .

Code to process user requests ：

String path = request.getParameter("path");
    OutputStream os = response.getOutputStream();
    FileInputStream fis = new FileInputStream(path);
    byte[] buff = new byte[1024];
    int i = 0;
while((i=fis.read(buff))>0){
        os.write(buff,0,i);
        }
        fis.close();
        os.flush();
        os.close();  

Protection plan ：

1. The address of the file to be downloaded is saved in the database .
2. Save the file path to the database , Let the user submit a file corresponding to ID Download the file .
3. Do permission judgment before downloading files .
4. Files in web Can't directly access the directory .
5. Record the file download log .
6. Directory traversal service is not allowed .

Nginx The directory browsing function is not enabled by default , If you find that the function is currently turned on , Can edit nginx.conf file , Delete the following two lines ：

autoindex on;
autoindex_exact_size on

And then restart Nginx.