For example, when I had a specific file writing problem
upload in the public / uploads folder of a certain system, I gave the
permission 777 in this folder.
I love anyone who lives in a dangerous way (joke), is already more than explained the reasons, the previous answers have said everything, I just came here to add with practical examples what can happen, how your Operating System can be invaded ...
Imagine that I'm walking on your page and I find myself in an upload area, let's say that the upload algorithm does not check metadata and file extensions, you'll simply be lost, the attacker will not get root access, but even so it can do a good job, surely it will be able to read many things inside your
, besides being able to look at the source codes of your page (php, asp, etc), you can even get the passwords of your database to access (looking at the codes of your page it can find the passwords of your bank connection), in this case the attacker does not need to be very smart, it would upload a file in the folder upload ex file.
(a code that opens files and shows on the screen), then just run and see the return ...
If he's a little smarter, he'd make a .php file that would send and return commands
(dir, ls, rm)
Of course I'm just talking basic things to not give ideas to the malicious, this is critical, is the worst case scenario, the hacker could upload any file and use php, asp, java, python, etc. to run, could try to scale root using exploits and have full control of the OS, ie it would be a "party" inside your upload folder: - (
Now imagine your algorithm upload check extensions, but do not look at metadata (headers), let's imagine that your algorithm in thesis only let you upload
files, imagine that I create the following file:
<?php echo "<p>Ola Mundo</p>"; ?>
And save as
teste.jpg (of course it's a silly example, but could be something really dangerous), your upload folder would become a minefield, malicious code within allowed extensions :-( I say it's a minefield because the hacker it will only need to trigger the trigger, usually this trigger can not be executed from outside, via
http , I said "usually", the hacker will need to use artifacts to execute for example a
php teste.jpg .
This is only a shallow example of how an upload folder with
chmod 777 can become the achilles heel of your