The ultimate boss of web hacking! File upload vulnerability attack techniques! Following Part 1, this Part 2 'Chapter 1' training covers more in-depth and advanced techniques.
123 learners
Level Intermediate
Course period Unlimited
Understanding Java File Upload Libraries
Potential security threats to Java file upload libraries
Understanding Web Application Firewalls (WAF)
WAF Bypass Techniques
Understanding diverse environments
Webshell upload attack methods in various environments
Today, there are various ways to learn web hacking. Online lecture platforms like Inflearn, academies where you can take offline classes, and search engines—most of these common paths tend to focus on general content. However, this course is different. I proudly say it contains 'content you won't find anywhere else'!
The source code below is known to be safe from file upload vulnerabilities. But is it really secure?
...
String path = request.getRealPath("/upload");
MultipartRequest multi = new MultipartRequest(request, path, 1024*10*10, "UTF-8");
Enumeration formNames = multi.getFileNames();
while(formNames.hasMoreElements()) {
String param = (String)formNames.nextElement();
String uploadFile = multi.getFilesystemName(param);
int extOffset = uploadFile.lastIndexOf(".");
String fileExt = uploadFile.substring(extOffset+1).toLowerCase();
if (!fileExt.equals("jpg") && !fileExt.equals("png") && !fileExt.equals("gif")) {
File fp = new File(path, uploadFile);
fp.delete();
out.println(“<script>alert(‘Invalid extension’);history.back(-1);</script>");
return;
}
}
...No. This source code is 'vulnerable source code'.
The reason why this code is vulnerable and the attack methods against it are covered in detail in the Part 2-1 lecture.
Understanding Cases by File Upload Library
We analyze each file upload library and cover potential security threats that may arise, as well as various cases.
Web Application Firewall (WAF) Bypass Technique Case Study
We will explore various web firewall bypass techniques and conduct hands-on practice for those attack methods.
We will cover directory parsing vulnerabilities found in JEUS and WebSphere in detail, examining the attack methodology of why these vulnerabilities are threatening today and how they can be exploited. (IBM WebSphere CVE-2020-4163)
We will take a detailed look at various other environments and cases.
Who is this course right for?
Practitioners currently performing penetration testing or vulnerability assessment in the field
Job seeker
Need to know before starting?
Web Technology
Web Hacking Basics
File Download Vulnerability Knowledge
File Upload Vulnerability Knowledge
27,154
Learners
1,503
Reviews
509
Answers
4.9
Rating
18
Courses
Hello, this is CreeHacktive.
Based on my years of experience diagnosing and researching various web services, I have been sharing practical, job-ready knowledge through the Inflearn platform.
I also authored Crehacktive's All-in-One Web Hacking Bible, which systematically covers the basics of web hacking. For those who lack foundational knowledge, I recommend starting your studies with this book.
Email : crehacktive3@naver.com
All
72 lectures ∙ (6hr 10min)
Course Materials:
All
11 reviews
4.9
11 reviews
Reviews 5
∙
Average Rating 5.0
Reviews 4
∙
Average Rating 5.0
Reviews 4
∙
Average Rating 5.0
Reviews 8
∙
Average Rating 4.4
Reviews 4
∙
Average Rating 5.0
Check out other courses by the instructor!
Explore other courses in the same field!
$84.70
![[Eduwill White Hacker] Game HackingCourse Thumbnail](https://cdn.inflearn.com/public/courses/329746/cover/6e390196-7c19-4a64-88db-69745dd95ccd/329746-eng-original.png?w=420)
