© Sanjib Sinha 2019
S. Sinha, Bug Bounty Hunting for Web Security, https://doi.org/10.1007/978-1-4842-5391-5_6

6. Malicious Files

Sanjib Sinha
Howrah, West Bengal, India

Uploaded malicious files always pose a great threat to web applications. An attacker tries to upload code to the target system so that the code can be executed later. Usually, the attacker only needs to find a way to get that code executed to own the system.

The consequences vary: the uploaded code could be shell commands to be executed later; it could be just an image declaring that the web site has been hacked; or it could be more severe, including system takeover, forwarding attacks to back-end systems, and many more, side channel attacks among them. When a computer system ...
