Story #28
openEpic #25: Malicious File Upload Prevention
Block Malicious Filenames (Double Extension, Null Byte, Meta Characters)
66%
1. Filenames exceeding allowed character length are rejected
2. Files with double extensions (e.g. file.php.jpg) are blocked
3. Files containing double dots (..) are rejected
4. Filenames containing null byte (%00) are rejected
5. Filenames with special/meta characters are sanitized or rejected
6. Validation enforced strictly at server side
Description
A long filename is one that exceeds the allowed character limit. A double extension occurs when a file name has two periods (dots) each followed by an extension, such as "file.tar.gz". The presence of double dots in a file name, like "important..doc", can be a security risk because it might allow unauthorized access to or manipulation of files on certain systems. Meta characters are special characters that carry meaning in programming or command-line contexts.
An attacker uploads a malicious file with the file name "malicious%00.jpg", where %00 represents the null byte. To prevent such exploits, the web application should implement robust server-side input validation and sanitization that detects and rejects file names containing null bytes or other potentially malicious characters.
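The following is an added example (not code from this story or its project) of a server-side filename gate that applies the six acceptance criteria above in one pass. The length limit, the extension whitelist and the safe-character set are assumed values chosen for the example; the checks run on the percent-decoded name so that "%00" and "%2e%2e" are caught as a null byte and double dots respectively.

```python
import re
from urllib.parse import unquote

MAX_LEN = 64                                        # assumed allowed length
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif", "pdf"}  # assumed extension whitelist
UNSAFE = re.compile(r"[^A-Za-z0-9_-]")              # anything outside this set is a meta character


def validate_filename(raw):
    """Server-side check of an uploaded file's name.

    Returns (accepted, reason, safe_name); safe_name is None when rejected.
    """
    # Decode percent-encoding once, so encoded null bytes and dots are visible.
    name = unquote(raw)

    # 1. Length limit, applied to the whole client-supplied string.
    if len(name) > MAX_LEN:
        return False, "filename too long", None
    # 4. Null byte, raw or still percent-encoded (e.g. double-encoded "%2500").
    if "\x00" in name or "%00" in name:
        return False, "null byte in filename", None
    # 3. Double dots, checked before any path component is stripped.
    if ".." in name:
        return False, "double dot in filename", None

    # Only the final path component is considered a filename.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    if not name:
        return False, "empty filename", None

    # 2. Exactly one extension: "file.php.jpg" and "file.tar.gz" both fail here.
    parts = name.split(".")
    if len(parts) != 2:
        return False, "expected exactly one extension", None
    base, ext = parts
    ext = ext.lower()
    if ext not in ALLOWED_EXT:
        return False, "extension not allowed", None

    # 5. Meta characters in the base name are sanitized to underscores.
    safe_base = UNSAFE.sub("_", base)
    if not safe_base.strip("_"):
        return False, "no usable characters in base name", None

    # 6. Every rule above ran on the server; the client name is never trusted.
    return True, "ok", f"{safe_base}.{ext}"
```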