The ultimate boss of web hacking! File upload vulnerability attack techniques! Following Part 1, this Part 2 'Chapter 1' training covers more in-depth and advanced techniques.
238 learners
Level Intermediate
Course period Unlimited
Reviews from Early Learners
5.0
Bryan
It would be better if you could provide example files in vulnerable versions so that you can practice right away by setting up a real environment with the course materials. The example files that can be downloaded as course materials are versions with the vulnerabilities removed.
5.0
학습자
I am taking this great class well. Thank you.
5.0
구운고구마
I took all of these lectures during the Chuseok holidays. The detailed explanation and practice of the file upload library were good, and my perspective on the Spring Framework changed. I am currently doing mock hacking, and there were many practical exercises that I could apply right away, which was good. Thank you for making such a great lecture.
Understanding Java File Upload Libraries
Potential security threats to Java file upload libraries
File upload vulnerabilities, even advanced techniques!
We deliver core insights that are hard to find anywhere else.
This training covers the most important aspects of file upload vulnerability attacks, focusing in detail on attack processes that use entirely different approaches from conventional methods. You can learn everything from basic attack knowledge to bypass techniques used in practice, real-world case studies, various countermeasures, and secure coding. This is an essential foundational course for all subsequent training sessions.
This course covers advanced attack techniques and Web Application Firewall (WAF) bypass methods not addressed in PART(1), and involves analyzing technical methods used in real-world environments through hands-on practice.
In today's web environment, the use of web shell detection solutions is gradually increasing. Accordingly, security analysts must possess the skills to bypass these detection solutions. Therefore, this will be an essential training for practitioners.
The final part to wrap up the file upload vulnerability lecture!
This course is 'Part 2', the sequel to the 'File Upload Vulnerability Attack Techniques and Practical Case Analysis: PART 1 taught by a penetration testing professional' course.
File Upload Vulnerability Attacks Part 2 is divided into a total of 3 parts, and each topic is as follows.
This course is 'Part 1' of Part 2, and covers the topic of 'File Upload Library Analysis and Attack Methodologies.'
taking the CreHactive Web Hacking series.
Today, there are various ways to learn web hacking. From online lecture platforms like Inflearn to academies for offline classes and search engines, the most common paths we encounter tend to focus primarily on general content.
However, this lecture is different. I am confident that it contains 'content you won't find anywhere else'!
💡 This lecture is Part 2-1, and it covers 'File Upload Library Analysis and Attack Methodologies'.
The source code below is known to be secure against file upload vulnerabilities. So, is it truly secure?
...
String path = request.getRealPath("/upload");
MultipartRequest multi = new MultipartRequest(request, path, 1024*10*10, "UTF-8");
Enumeration formNames = multi.getFileNames();
while(formNames.hasMoreElements()) {
String param = (String)formNames.nextElement();
String uploadFile = multi.getFilesystemName(param);
int extOffset = uploadFile.lastIndexOf(".");
String fileExt = uploadFile.substring(extOffset+1).toLowerCase();
if (!fileExt.equals("jpg") && !fileExt.equals("png") && !fileExt.equals("gif")) {
File fp = new File(path, uploadFile);
fp.delete();
out.println(“<script>alert(‘Invalid extension’);history.back(-1);</script>");
return;
}
}
...No. This source code is 'vulnerable source code'.
The reason why this code is vulnerable and the attack methods for it are covered in detail in the Part 2-1 lecture.
Understanding Cases by File Upload Library
We analyze each file upload library, covering potential security threats and various cases that may arise.
Methodologies and Practices Based on Security Threats
We will examine potential security threats for various cases and conduct hands-on attack exercises.
'File Upload Vulnerability Part 2' consists of three lectures designed to help you succeed in file upload vulnerability attacks across various environments. However, this is not a course that simply provides the answers. Taking this course does not guarantee success in file upload vulnerability attacks in every single environment.
The goal of this lecture is not to provide the right answers, but to be a lecture that broadens your perspective. By learning that vulnerabilities can occur in various environments, you will gain the realization of "Ah, I can try it this way too!" and furthermore, you will be able to analyze future assessments while 'knowing' that diverse environments exist. There is a world of difference between analyzing with this knowledge and analyzing without it.
I hope this lecture helps you clearly refine your perspective on web hacking and lay the foundation to elevate your skills to a higher level!
Q. Is there any prior knowledge I should have before taking the course?
You must have an understanding of 'File Upload Vulnerabilities.' Additionally, you should be familiar with the content covered in Part 1 to smoothly follow Part 2. Of course, if you already have a high level of understanding regarding 'File Upload Vulnerabilities,' you should have no problem taking the course.
Q. Who is the target audience for this course?
I recommend this course primarily for "practitioners." However, those who have sufficiently studied web hacking theory or are currently preparing for employment can also take the course.
Q. Do I have to take 'File Upload Vulnerability Attack Part 1'?
I recommend taking the course. Even if you have an understanding of file upload vulnerabilities, there may be parts of Part 2 that are difficult to understand without a foundation in Part 1. Therefore, even for working professionals, I recommend taking Part 1 first before proceeding to Part 2.
Q. Part 2 is divided into three parts; do I need to take all of them?
You do not necessarily have to take all three parts. However, if you want to learn attack methodologies for various practical environments, I "highly" recommend taking all three.
Q. Should I take Part 2 in the order of the 3 parts?
You don't necessarily have to do that; you can start with the topics you're most interested in. However, since the three parts were produced in order, I believe it would be better for the overall flow to take them sequentially.
It is recommended that you take this course with a prior understanding of web technology and web hacking. Additionally, we recommend that you first take the 'File Download Vulnerability Attack' and 'File Upload Vulnerability Attack Part 1' courses from CreHactive's web hacking lecture series.
Who is this course right for?
Practitioners currently performing penetration testing or vulnerability assessment in the field
Job seeker
Need to know before starting?
Web Technology
Web Hacking Basics
File Download Vulnerability Knowledge
File Upload Vulnerability Knowledge
27,154
Learners
1,503
Reviews
509
Answers
4.9
Rating
18
Courses
Hello, this is CreeHacktive.
Based on my years of experience diagnosing and researching various web services, I have been sharing practical, job-ready knowledge through the Inflearn platform.
I also authored Crehacktive's All-in-One Web Hacking Bible, which systematically covers the basics of web hacking. For those who lack foundational knowledge, I recommend starting your studies with this book.
Email : crehacktive3@naver.com
All
31 lectures ∙ (2hr 24min)
Course Materials:
All
5 reviews
5.0
5 reviews
Reviews 8
∙
Average Rating 4.9
Reviews 10
∙
Average Rating 5.0
Reviews 5
∙
Average Rating 5.0
Reviews 13
∙
Average Rating 5.0
5
I took all of these lectures during the Chuseok holidays. The detailed explanation and practice of the file upload library were good, and my perspective on the Spring Framework changed. I am currently doing mock hacking, and there were many practical exercises that I could apply right away, which was good. Thank you for making such a great lecture.
Reviews 4
∙
Average Rating 5.0
Check out other courses by the instructor!
Explore other courses in the same field!
$34.10
![File Upload Vulnerability Advanced Attack Techniques PART 2 [Integrated Edition]Course Thumbnail](https://cdn.inflearn.com/public/courses/333012/cover/12bd40e1-1e17-493a-81b9-64ac5fed558e/333012.png?w=420)
