When a user input something in the website such as adding a comment or uploading a file, these things can be verified for the validity and authenticity by using two methods. Client-Side or Server-Side filtering. When it is Client side, the filtering happens in the browser itself. Where as in Server side, the user input is sent back to the Server and then the server will validate the user input. Based on that, the user can successfully input something in to the website.
Server side filtering are comparatively harder to figure out as the code won't be passed to the end user. But when in comes to Client side filtering, the user/attacker can easily find out the filtering methods and may bypass the filtering using various methods.
There are four major ways to bypass the client-side file upload filter:
- Intercept and modify the incoming page. When the page is loaded, there will be additional scripts to verify the uploading file. The script can be in java, which will look for the file extension, or magic number, file size etc. If any of these conditions doesn't met, then the file uploaded might be unsuccessful. An easier way is to delete such filtering from the scripts or sometimes, deleting the entire script might work as well.
- Intercept and modify the file upload.When the file is uploaded, intercept the packet and edit the parameters such as MIME, so that the file filtering can be bypassed. You can perform this using tools such as Burp Suite.
- Send the file directly to the upload location. If you are able to find out the upload location, you can perform a POST function to upload the file directly to the site location.