NOC WAF Protects Against

Arbitrary File Upload (AFU)

A vulnerability where the hacker directly uploads or side loads a file to the website through a faulty application and then executes the file to fulfill a malicious task.

Understanding SQL Injection Vulnerabilities

AFU Vulnerabilities

Arbitrary File Upload vulnerabilities are not as popular as SQLi or RCE vulnerabilities, but are just as dangerous. These vulnerability allows a bad actor to make use of a malicious file to perform specific functions.

 

One of the more popular tactics used by bad actors with this vulnerability is to upload a backdoor to the web server. These backdoors give the bad actor full control of the web application and web server, and allow them to use it as a launch pad to perform other nefarious acts against other web applications.

File Upload Types

File upload vulnerabilities come in two distinct flavors:

Local File Uploads;

Remote File Uploads;

As implied by the names, the Local File Upload vulnerability allows a bad actor to side-load a file that might already exist on the server. The remote File Upload vulnerability allows the user to load a file that is located remotely (on another server).

Protecting Against AFU Vulnerabilities

Cloud-Based Protection

AFU vulnerabilities get exploited on web applications when bad actors are manipulate URL queries to load malicious files.

 

NOC helps mitigate attacks that try to exploit these vulnerabilities through its virtual hardening and patching technology. As a reverse proxy, NOC sits between your web application, and the internet. When a user queries your web application, our network will inspect the query structure and ensure that it is not attempting to exploit a weakness.

 

One of the key features of the WAF platform is its ability to Virtually Harden and Patch web applications at the edge. This technology protects the application by preventing the attacker from hitting the application back-end.  The attack registers on our network, we detect, strip it from the request, and block the attacker from attempting further exploits against your application.

Preventive Measures

AFU vulnerabilities have become popular these days, especially amongst Content Management Systems (CMS) like WordPress.

Clearly define what file types are allowed on your web server;

Leverage a whitelist approach to uploads, if possible;

Verify files uploaded / downloaded off the internet;

Ensure upload directory is not publicly accessible;

Ensure upload directory is not executable;

Verify permissions of all working directories, including uploads;