I have a file upload form and I secured it pretty well... One tedious problem is double extension upload.
Suppose a user has a file
This uploads fine and is fully legit. Now suppose a malicious user uploads a file like
This file can simply be a PHP shell used to take control of my server and data that has been renamed to image.php.png to bypass my validation. (PHP sees the extension as PNG.)
Once the file gets uploaded, the attacker can use Tamper Data or Live HTTP Headers to resend the same file as image.php and hence successfully take over the server.
However, as a security researcher myself, I devised a method to prevent this:
1. Use of an algorithm to give the file a random name on the server. This works perfectly.
Use of PATHINFO_EXTENSION to detect the extension of a file (it's faster than other methods).
Then use an algorithm to save the file with a random filename on the server.
This way, resending the info through the POST method via Live HTTP Headers won't work, as the attacker won't know the filename of the image on the server.
image.php.png gets saved as
The file upload is now secure.
However, this causes a wastage of space, as invalid files will be stored as xyz127.png on the server.
I wanted to know you guys' opinion on this and hope you have a better and more efficient method to prevent the double extension upload. The solution should be PHP based and not web server based.
I hope it helps people.
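The following is an added example, not the poster's own code, showing a PHP-only upload handler that combines the ideas in the post (PATHINFO_EXTENSION on the client name plus a random server-side filename) with a content check, so that a renamed PHP file is rejected before it ever reaches disk instead of being stored under a harmless name. It assumes a form field named "image", a storage directory /var/www/uploads that is not served by the web server, and a PNG/JPEG/GIF whitelist; all three are assumptions for the example.

```php
<?php
// Added example (not the poster's code): hardened image upload handler.
// Assumptions: form field "image", storage directory outside the document
// root, and a PNG/JPEG/GIF whitelist. Adjust to your own setup.
declare(strict_types=1);

const UPLOAD_DIR = '/var/www/uploads';   // assumed; must not be served or executed by PHP
const MAX_BYTES  = 2 * 1024 * 1024;       // assumed 2 MiB limit

// Whitelist: sniffed MIME type => extension written to disk.
// The stored extension always comes from this table, never from the client name.
const ALLOWED = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

/**
 * Validate one entry of $_FILES and store it under a random name.
 * Returns the stored path, or throws RuntimeException on any failure.
 */
function storeUploadedImage(array $file): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }

    // 1. Client-supplied name: PATHINFO_EXTENSION looks only at the LAST extension,
    //    so image.php.png yields "png" here. This is a sanity check, not the decision.
    $clientExt  = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    $allowedExt = array_merge(array_values(ALLOWED), ['jpeg']);
    if (!in_array($clientExt, $allowedExt, true)) {
        throw new RuntimeException('Disallowed extension');
    }

    // 2. Content check: sniff the actual bytes and ignore the name entirely.
    //    A PHP shell renamed to .png fails here, so it is never written to disk.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('Content is not an allowed image type');
    }

    // 3. It must also parse as an image, and the parser must agree with the sniffer.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('Not a valid image');
    }

    // 4. Random server-side name with exactly one extension, taken from the table.
    //    An attacker replaying the request cannot guess where the file landed.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0644);   // readable, never executable
    return $dest;
}

// Usage (assumed form field "image"):
try {
    $stored = storeUploadedImage($_FILES['image'] ?? []);
    echo 'Stored as ' . basename($stored);
} catch (RuntimeException $e) {
    http_response_code(400);
    echo 'Rejected: ' . $e->getMessage();
}
```

Because the content check runs before move_uploaded_file, a rejected upload is simply left in PHP's temporary directory and cleaned up at the end of the request, so no xyz127.png copies of invalid files accumulate on disk. Keeping the storage directory outside the document root is a choice made in the PHP code, not a web server rule, so it stays within a PHP-only solution.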