The ultimate web hacking! File upload vulnerability attack technique! Part 2 of the 'Part 1' education follows Part 1 and covers more advanced techniques.
119 learners
Level Intermediate
Course period Unlimited
Understanding the Java File Upload Library
Potential security threat to Java file upload library
Understanding Web Firewalls
Web Firewall Bypass Technology
Understanding different environments
Webshell Upload Attack Methods in Various Environments
There are many avenues for learning web hacking today. Whether it's online courses like Inflearn, offline academies, or search engines, most of the common avenues tend to focus on general information. However, this course is different. We pride ourselves on offering content you won't find anywhere else !
The source code below is known to be safe from file upload vulnerabilities. So, is it really safe?
...
String path = request.getRealPath( "/upload" );
MultipartRequest multi = new MultipartRequest (request, path, 1024 * 10 * 10 , "UTF-8" );
Enumeration formNames = multi.getFileNames();
while (formNames.hasMoreElements()) {
String param = (String)formNames.nextElement();
String uploadFile = multi.getFilesystemName(param);
int extOffset = uploadFile.lastIndexOf( "." );
String fileExt = uploadFile.substring(extOffset+ 1 ).toLowerCase();
if (!fileExt.equals( "jpg" ) && !fileExt.equals( "png" ) && !fileExt.equals( "gif" )) {
File fp = new File (path, uploadFile);
fp.delete();
out.println(“ <script>alert(‘잘못된 확장자’);history.back(-1);</script> ");
return;
}
}
... No, the source code is 'vulnerable' .
Why this code is vulnerable and how to exploit it are covered in detail in Part 2-1 of the lecture.
Understanding Cases by File Upload Library
We analyze each file upload library, covering potential security threats and various case scenarios.
Web Firewall Bypass Techniques Case Study
Learn about various web firewall bypass techniques and practice using these attack techniques.
This article details the directory parsing vulnerability found in JEUS and WebSphere, examining why it poses a threat today and the attack methodology behind it. (IBM WebSphere CVE-2020-4163)
Let's take a closer look at various other environments and cases.
Who is this course right for?
Practitioners who perform simulated hacking or vulnerability diagnostics in the field
job seeker
Need to know before starting?
web technology
Web Hacking Basics
File Download Vulnerability Knowledge
File Upload Vulnerability Knowledge
26,930
Learners
1,484
Reviews
508
Answers
4.9
Rating
18
Courses
Hello, this is CreeHacktive.
Based on my years of experience diagnosing and researching various web services, I have been sharing practical, job-ready knowledge through the Inflearn platform.
I also authored Crehacktive's All-in-One Web Hacking Bible, which systematically covers the basics of web hacking. For those who lack foundational knowledge, I recommend starting your studies with this book.
Email : crehacktive3@naver.com
All
72 lectures ∙ (6hr 10min)
Course Materials:
All
11 reviews
4.9
11 reviews
Reviews 4
∙
Average Rating 5.0
Reviews 8
∙
Average Rating 4.4
Reviews 4
∙
Average Rating 5.0
Reviews 4
∙
Average Rating 5.0
Reviews 5
∙
Average Rating 5.0
$84.70
Check out other courses by the instructor!
Explore other courses in the same field!
![[Eduwill White Hacker] Game HackingCourse Thumbnail](https://cdn.inflearn.com/public/courses/329746/cover/6e390196-7c19-4a64-88db-69745dd95ccd/329746-eng-original.png?f=avif&w=420)
