Unsafe File Upload in case of No Size Limit

Overview

Description

File upload functionality should restrict file size according to the application's needs.

Sometimes the restriction exists only on the client side and not on the server side, so an attacker can forge the request and bypass the file size limit.

Pixel flood attack:

Websites generally process images after upload and before storage, for reasons such as removing EXIF data, compressing the image, or cropping it to square dimensions. To do this, the whole image is loaded into memory.

In such a case, an attacker can use the specially crafted image lottapixel.jpg, a 5KB image with 64250x64250 pixels, so the server tries to allocate a total of 4,128,062,500 pixels in memory. This may flood memory and cause a DoS attack.

Impact

  • An attacker can upload specially crafted large images (in GBs, TBs), which wastes disk space and may cause a DoS attack.

Prevention

  • Validate the image size on the client side as well as the server side.
  • Also validate image dimensions before processing the image to avoid a pixel flood attack.
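
Both prevention checks can be enforced on the server by reading only the image header, before any decoder allocates memory. The following is an added example, not code from the original page; the limits MAX_BYTES and MAX_PIXELS and all function names are assumptions, and the sample JPEG header is constructed.

```python
import struct

MAX_BYTES = 5 * 1024 * 1024   # assumed upload size limit
MAX_PIXELS = 25_000_000       # assumed pixel budget (about 5000x5000)

def read_dimensions(data):
    """Return (width, height) from PNG/JPEG headers without decoding pixels."""
    if data[:8] == b"\x89PNG\r\n\x1a\n" and data[12:16] == b"IHDR" and len(data) >= 24:
        return struct.unpack(">II", data[16:24])
    if data[:2] != b"\xff\xd8":
        return None
    i = 2
    while i + 4 <= len(data):
        if data[i] != 0xFF:
            return None
        marker = data[i + 1]
        if marker == 0xFF:                            # fill byte before a marker
            i += 1
        elif marker == 0x01 or 0xD0 <= marker <= 0xD9:  # markers with no length
            i += 2
        elif 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):
            if i + 9 > len(data):                     # truncated frame header
                return None
            height, width = struct.unpack(">HH", data[i + 5:i + 9])
            return width, height
        else:                                         # skip any other segment
            i += 2 + struct.unpack(">H", data[i + 2:i + 4])[0]
    return None

def validate_upload(data, max_bytes=MAX_BYTES, max_pixels=MAX_PIXELS):
    """Server-side check to run before the image reaches any decoder."""
    if len(data) > max_bytes:
        return False, "file too large"
    dims = read_dimensions(data)
    if dims is None:
        return False, "unrecognised or truncated image"
    width, height = dims
    if width == 0 or height == 0 or width * height > max_pixels:
        return False, f"dimensions {width}x{height} rejected"
    return True, f"dimensions {width}x{height} accepted"

def jpeg_header(width, height):
    """Constructed sample: SOI + APP0 + SOF0 only, no image data."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
    sof0 = b"\xff\xc0" + struct.pack(">HBHHB", 17, 8, height, width, 3) + bytes(9)
    return b"\xff\xd8" + app0 + sof0

if __name__ == "__main__":
    print(validate_upload(jpeg_header(800, 600)))
    print(validate_upload(jpeg_header(64250, 64250)))
```

The byte-length check assumes the request body was read with a capped read, so an oversized upload is cut off at the limit instead of being buffered in full first.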