Javascript Unrestricted File Upload
Description
Detects unrestricted file upload vulnerabilities in Express.js applications where files can be uploaded without proper validation of file types, extensions or content. This could allow attackers to upload malicious files like web shells or execute arbitrary code on the server.
Detection Strategy
• Review file upload handlers in Express.js routes and middleware
• Check if file upload configurations lack type restrictions or extension validations
• Look for upload handlers that save files without validating the content type
• Verify if uploaded files can be accessed/executed after being stored
• Examine multer or express-fileupload middleware configurations for security settings
Vulnerable code example
const fs = require('fs');
function writeUserData(fileName, content) {
  // VULN: Direct use of unsanitized fileName in path leads to directory traversal
  fs.writeFileSync('/var/www/data/' + fileName, content);
}
✅ Secure code example
const fs = require('fs');
const path = require('path');
function writeUserData(fileName, content) {
  // Sanitize filename to prevent directory traversal by using path.basename
  const safeFileName = path.basename(fileName);
  // Use path.join for safe path construction and define base directory explicitly
  const baseDir = '/var/www/data';
  fs.writeFileSync(path.join(baseDir, safeFileName), content);
  // Note: this addresses traversal only; the extension/content checks listed under
  // Detection Strategy still have to run before the file is written.
}