internal override async Task runTest(UploadRequest.UploadRequest request) { string data = "<script>alert(document.cookie)</script>"; request.setFileData(Encoding.ASCII.GetBytes(data)); request.setFileContentType("image/jpeg"); //Default all files to image/jpeg //HTML case sensitivity test request.setFileName("Test_4" + ".hTMl"); await request.send(); printResult(request, "Test 04 (.hTMl)"); //ASP case sensitivity test request.setFileName("Test_4" + ".aSp"); await request.send(); printResult(request, "Test 04 (.aSp)"); //Change contents for php test data = "<?php\n" + " echo phpinfo();\n" + "?>"; //PHP case sensitivity test request.setFileName("Test_4" + ".pHp"); await request.send(); printResult(request, "Test 04 (.pHp)"); }
internal override async Task runTest(UploadRequest.UploadRequest request) { //Upload a normal jpg byte[] data = getFirstImage(); request.setFileContentType("image/jpeg"); request.setFileData(data); request.setFileName("UniqueLongName.jpg"); await request.send(); printResult(request, "Test 12 (Short-name prep)"); //Upload a jpg with the shortname matching the shortname version of the previous file data = getSecondImage(); request.setFileData(data); request.setFileName("Unique~1.jpg"); await request.send(); printResult(request, "Test 12 (Short-name overwrite)"); }
internal override async Task runTest(UploadRequest.UploadRequest request){ byte[] data = getImage(); request.setFileData(data); request.setFileContentType("image/jpeg"); request.setFileName("Test_7.jpg.php"); //Default extension that will work await request.send(); printResult(request, "Test 07 (malicious image .jpg.php)"); request.setFileName("Test_7.php.abc1"); //Will only work in certain conditions await request.send(); printResult(request, "Test 07 (malicious image .php.abc1)"); request.setFileName("Test_7.php.jpg"); //Will only work in certain conditions await request.send(); printResult(request, "Test 07 (malicious image .php.jpg)"); }
internal override async Task runTest(UploadRequest.UploadRequest request){ //Send a new .htaccess file. If this is uploaded it will make the server execute jpgs as php files string data = "AddType application/x-httpd-php .jpg"; request.setFileData(Encoding.ASCII.GetBytes(data)); request.setFileContentType("image/jpeg"); request.setFileName(".htaccess"); await request.send(); printResult(request, "Test 08 (.htaccess over/write)"); //Upload a valid jpg with php in it's comment section request.setFileData(getImage()); request.setFileContentType("image/jpeg"); request.setFileName("Test_8.jpg"); await request.send(); printResult(request, "Test 08 (php w/ .jpg)"); }
internal override async Task runTest(UploadRequest.UploadRequest request) { const string data = "<?php\n" + " echo phpinfo();\n" + "?>"; request.setFileData(Encoding.ASCII.GetBytes(data)); request.setFileContentType("image/jpeg"); request.setFileName("Test_2.php"); await request.send(); printResult(request, "Test 02"); }
internal override async Task runTest(UploadRequest.UploadRequest request) { const string data = "<?php\n" + " echo phpinfo();\n" + "?>"; request.setFileData(Encoding.ASCII.GetBytes(data)); request.setFileContentType("image/jpeg"); //Dot test request.setFileName("Test_5.php."); await request.send(); printResult(request, "Test 05 (dot test)"); //Space test request.setFileName("Test_5.php "); await request.send(); printResult(request, "Test 05 (space test)"); //Mixed test request.setFileName("Test_5.php… … . . .. .. "); await request.send(); printResult(request, "Test 05 (mixed dot/space test)"); }
internal override async Task runTest(UploadRequest.UploadRequest request){ //Set the data to HTML (all formats support HTML) const string data = "<script>alert(document.cookie)</script>"; string[] badExtensions = {".html", ".shtml", ".jsp", ".asp", ".phtml", ".php3", ".php4", ".php5" }; request.setFileContentType("image/jpeg"); //Default all files to image/jpeg request.setFileData(Encoding.ASCII.GetBytes(data)); foreach (string t in badExtensions){ request.setFileName("Test_3" + t); await request.send(); printResult(request, "Test 03 (" + t + ")"); } }
internal override async Task runTest(UploadRequest.UploadRequest request) { const string data = "<?php\n" + " echo phpinfo();\n" + "?>"; request.setFileData(Encoding.ASCII.GetBytes(data)); request.setFileContentType("image/jpeg"); //Test for validation of just the final extension (Apache will use the real extension for the MIME type) request.setFileName("Test_6.php.123"); await request.send(); printResult(request, "Test 06 (first extension)"); //Test for validation of just the first extension (Apache will use the last extension for the MIME type if they're all real) request.setFileName("Test_6.jpg.php"); await request.send(); printResult(request, "Test 06 (last extension)"); //Test for "AddHandler" directive for php files (This will make Apache recognize the file as PHP no matter where the extension is) request.setFileName("Test_6.php.jpg"); await request.send(); printResult(request, "Test 06 (AddHandler test)"); }