SRE School

Laravel Security: Upload, Store, and Download files with privacy restrictions in Laravel part 1

Posted by

Dharmendra Kumar, Senior Software Engineer & Co founder at MyhospitalNow

Here are common reasons and potential vulnerabilities that might have been exploited:

1. File Upload Vulnerability:

Imagine a web application that allows users to upload images, such as .jpg or .png files. However, the application only validates the file extension (e.g., .jpg, .png) without checking the MIME type or scanning the file contents.

A malicious actor may exploit this by uploading a PHP file disguised as an image, like image.jpg.php, or uploading a file without an extension like image (which could still be a PHP file).

If this file is then executed, the malicious code could run on the server, potentially leading to remote code execution, data leakage, or system compromise.

Example of Malicious File Upload:

  1. Malicious File:
    The attacker creates a file with a .jpg.php extension or a .php file disguised as an image.
    • Malicious File: image.jpg.php
    • Actual content: A PHP shell that can execute arbitrary commands on the server.
  2. Uploading the File:
    The attacker uploads image.jpg.php through the application’s file upload form.
  3. Server Misconfiguration:
    If the server does not properly check the MIME type or sanitize the file extension, the uploaded file will be saved in the server’s file system.
  4. File Execution:
    If the server has been misconfigured to allow execution of .php files in the upload directory, the attacker can then navigate to http://server.com/uploads/image.jpg.php to execute the PHP code, potentially compromising the system.

Fixes and Mitigation:

  1. Validate File Type and MIME Type:
    Ensure that the file type is validated both by file extension and MIME type. Here’s an example in PHP:
// Allowed MIME types
$allowedMimeTypes = ['image/jpeg', 'image/png'];

// Get the MIME type of the uploaded file
$fileMimeType = mime_content_type($_FILES['file']['tmp_name']);

if (in_array($fileMimeType, $allowedMimeTypes)) {
    // Proceed with file upload
} else {
    // Reject the file if MIME type doesn't match
    echo "Invalid file type!";
}

Check File Extensions:
Ensure the file extension matches the allowed types (e.g., .jpg, .png).

$allowedExtensions = ['jpg', 'png'];
$fileExtension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);

if (in_array(strtolower($fileExtension), $allowedExtensions)) {
    // Proceed with file upload
} else {
    echo "Invalid file extension!";
}

Rename Files Before Storing:
Rename the uploaded file before saving it to prevent a user from uploading a malicious file with a valid name. For example, you could rename the file based on a unique identifier:

$newFileName = uniqid() . '.' . $fileExtension;
move_uploaded_file($_FILES['file']['tmp_name'], '/uploads/' . $newFileName);

Limit File Size:
Add a file size limit to prevent large malicious files from being uploaded:

$maxFileSize = 2 * 1024 * 1024; // 2 MB
if ($_FILES['file']['size'] > $maxFileSize) {
    echo "File is too large!";
    exit;
}

Sanitize File Names:
Sanitize the file name to remove any special characters or potentially dangerous characters (e.g., .., /, \):

$safeFileName = preg_replace('/[^a-zA-Z0-9-_\.]/', '', $_FILES['file']['name']);

Handling File Upload Safely

Hereā€™s an example PHP script for securely handling file uploads:

<?php
$allowedExtensions = ['jpg', 'png'];
$allowedMimeTypes = ['image/jpeg', 'image/png'];
$maxFileSize = 2 * 1024 * 1024; // 2 MB

if ($_FILES['file']['error'] === UPLOAD_ERR_OK) {
    // Get file extension and MIME type
    $fileExtension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
    $fileMimeType = mime_content_type($_FILES['file']['tmp_name']);
    
    // Validate file extension and MIME type
    if (in_array(strtolower($fileExtension), $allowedExtensions) && in_array($fileMimeType, $allowedMimeTypes)) {
        // Check file size
        if ($_FILES['file']['size'] <= $maxFileSize) {
            // Sanitize file name and create a unique name
            $safeFileName = uniqid() . '.' . $fileExtension;
            move_uploaded_file($_FILES['file']['tmp_name'], '/uploads/' . $safeFileName);
            echo "File uploaded successfully!";
        } else {
            echo "File is too large!";
        }
    } else {
        echo "Invalid file type or MIME type!";
    }
} else {
    echo "Error in file upload!";
}
?>

This script securely handles the file upload by:

  1. Validating the file extension and MIME type.
  2. Checking the file size.
  3. Renaming the file before saving it to the server.
  4. Rejecting any invalid file types or sizes.

Dharmendra Kumar, Senior Software Engineer & Co founder at MyhospitalNow

Experienced software developer proficient in HTML, CSS, and Bootstrap for crafting elegant and responsive user interfaces. Skilled in Laravel and PHP, with a focus on building robust and scalable web applications. Proficient in JavaScript for both frontend and backend development, leveraging frameworks like React and Vue.js. Experienced in designing and consuming RESTful APIs to enable seamless communication between client and server. Expertise in integrating payment gateways such as PayPal, Stripe, and Paytm for secure online transactions. Familiar with Flutter, enabling the creation of natively compiled applications for mobile, web, and desktop. Proficient in Android Studio, the primary IDE for developing Android applications. Knowledgeable in Linux and Docker for efficient server management and application deployment. Experienced in using Redis as an in-memory data structure store, enhancing application performance. Passionate about staying updated with the latest technologies and continuously learning to deliver high-quality solutions.

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow Us

Recent Posts

Categories

Tags

#AssetManagement #ContentCollaboration #ContentManagement #DAM #DAMSoftware #DigitalAssetManagement #Digital AssetManagement #DigitalAssets #DigitalMarketing #SEO #SEOManagement #SEOTools #TeamCollaboration #Wizbrand Bike certification command Composer comprehensive Foundation guide Laravel Laravel 10 Launches Linux Paypal php Rental Services Troubleshooting

0
Would love your thoughts, please comment.x
()
x