How to Prevent Dangerous File Upload Vulnerabilities and WebShell Attacks
File upload vulnerabilities are common and severe: they let attackers execute scripts, deploy malicious files, or launch phishing attacks. Filtering uploads and isolating them in a directory without script execution rights effectively mitigates these risks.
Common Security Issues
File upload is a ubiquitous feature on the Internet, making upload vulnerabilities very common and highly damaging. Typical problems include:
Uploading a script that the web server executes, leading to code execution.
Uploading a Flash crossdomain.xml policy file, allowing attackers to control Flash behavior in that domain.
Uploading viruses or trojans that trick users or administrators into downloading and executing them.
Uploading phishing images or images containing scripts that some browsers may execute, enabling phishing and fraud.
The usual attack method is for the attacker to upload an executable script and gain the ability to run server‑side commands.
Example
When an attacker uploads a web shell to a directory that has script execution permissions, they can directly obtain a WebShell and take control of the web server.
In many compromised systems, the upload directory is placed on the same server and even the same directory as the web application, giving the uploaded files script execution rights and creating a high‑risk upload vulnerability.
Defense
This vulnerability requires two conditions: (1) the ability to upload a malicious file, and (2) the upload directory has script execution permissions.
First, filter uploaded files. Attackers can often bypass filters, so filtering alone is not sufficient, but it remains an essential first layer.
The key to defense is to ensure the upload directory does not have script execution permissions.
Store uploaded files on a separate file server that lacks execution rights. Even if a trojan is uploaded, the file server cannot execute it, preventing the attack.
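The following Python code is an added example, not code from the article or its publisher. It combines the two defensive conditions above: an upload filter that checks the declared extension against the file's leading bytes and rejects reserved names such as crossdomain.xml (mentioned in the issues list), and a storage step that discards the client's filename, writes under a server-generated name in a directory you choose outside the web root, and clears the execute bits. The allowed types (PNG and JPEG), the size cap, and the script-marker list are assumptions chosen for the example; the page does not prescribe them.

```python
"""Upload filtering and non-executable storage (added example, not the article's code)."""
import os
import secrets
from pathlib import Path

# Assumed policy: allowed extension -> magic bytes the content must start with.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
}

# Names that must never land in a served directory whatever their content.
# The article names crossdomain.xml; extend for your own server's policy files.
RESERVED_NAMES = {"crossdomain.xml"}

# Byte sequences that betray server-side script embedded in a supposed image
# (a polyglot). Any hit means reject. Assumed list; tune for your stack.
SCRIPT_MARKERS = (b"<?php", b"<%", b"<script")

MAX_SIZE = 5 * 1024 * 1024  # 5 MiB cap, assumed for the example


def validate_upload(filename: str, data: bytes) -> str:
    """Return the accepted extension, or raise ValueError stating why it was rejected."""
    base = os.path.basename(filename)  # drop client-supplied path components
    if not base or base.lower() in RESERVED_NAMES:
        raise ValueError("reserved or empty filename")
    if len(data) > MAX_SIZE:
        raise ValueError("file too large")
    # Judge only the final extension; "photo.php.jpg" is treated as jpg here,
    # and the content checks below still apply to its bytes.
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED_TYPES:
        raise ValueError(f"extension not allowed: {ext!r}")
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise ValueError("content does not match declared type")
    if any(marker in data for marker in SCRIPT_MARKERS):
        raise ValueError("script marker found in file body")
    return ext


def store_upload(filename: str, data: bytes, upload_root: Path) -> Path:
    """Validate, then write under a random server-chosen name in upload_root.

    upload_root is assumed to live outside the web root (or on a separate file
    server) and to be served, if at all, without any script handler attached.
    The client's name never reaches the filesystem.
    """
    ext = validate_upload(filename, data)
    upload_root.mkdir(parents=True, exist_ok=True)
    dest = upload_root / f"{secrets.token_hex(16)}.{ext}"
    with open(dest, "wb") as fh:
        fh.write(data)
    os.chmod(dest, 0o644)  # readable, never executable
    return dest


if __name__ == "__main__":
    # Constructed sample input: a minimal PNG header padded with zero bytes.
    sample_png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    print(store_upload("avatar.png", sample_png, Path("/var/uploads")))  # assumed path
```

Two checks are deliberately independent: the extension and magic-byte comparison catches a mislabelled script, while the marker scan catches a real image with script appended. Neither replaces the second condition from the article; if the directory the file lands in can execute scripts, a filter bypass still yields a web shell, so the storage location and file mode are the controls that hold when the filter fails.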
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Java High-Performance Architecture
Sharing Java development articles and resources, including SSM architecture and the Spring ecosystem (Spring Boot, Spring Cloud, MyBatis, Dubbo, Docker), Zookeeper, Redis, architecture design, microservices, message queues, Git, etc.