# Unrestricted File Upload via Double Extension Technique & Missing File Upload Size Limitations

<figure><img src="/files/fCT1hlWDl7TUPsOgTJPh" alt=""><figcaption></figcaption></figure>

### 📌 Overview

During a security assessment of **\[REDACTED]**, multiple critical weaknesses were identified in the file upload functionality used by the Careers and Customer Complaints forms.

The application relied on the following endpoint to process uploaded attachments:

```
[REDACTED]/wp-admin/admin-ajax.php
```

The upload handler did not validate files on the server side. The file type restriction could be bypassed with a double extension, a `.php` file named so that a document extension appears before the final `.php`, and no upload size limit was enforced, so oversized files were stored successfully.

These issues could allow attackers to upload malicious files and abuse server resources.

***

### 🎯 Affected Endpoints

* **\[REDACTED]**/ar/careers/
* **\[REDACTED]**/ar/customer-complaints/

***

### 🧠 Vulnerability Description

The application implemented weak validation controls for uploaded files. Restrictions relied primarily on client-side mechanisms: the accepted file types declared on the HTML file input and the Content-Type the browser attaches to the upload. Both values are set by the client and can be changed freely in an intercepting proxy, so neither constrains an attacker.

<figure><img src="/files/0PfcD8aiuXx20MGF4goj" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/YIHpjlwb0yQmh7Ub8CDv" alt=""><figcaption></figcaption></figure>

Attackers were able to upload files containing double extensions, such as:

```
file.pdf.php
```

and

```
file.doc.php
```

Although the names suggest document formats, the effective extension is the last one, `.php`, and the server accepted the files without validating that extension or the file content.

Additionally, the application failed to enforce upload size restrictions, allowing large files exceeding expected limits to be uploaded successfully.
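The server-side check that closes these gaps, as an added example in Python rather than code from the assessed site or from WordPress core: the last extension is matched against an allowlist, the content must carry that format's signature, PHP open tags are rejected anywhere in the body, a size cap is enforced, and the stored name is generated server-side. The 2 MB cap is an assumed policy value and the PDF/DOC/DOCX allowlist follows the form's stated restrictions; `weak_check` is an illustrative model of the kind of check that lets `resume.doc.php` through, not the site's actual code.

```python
"""Server-side upload validation closing the gaps in this write-up.

Added example, not code from the assessed site or from WordPress. It
models what a handler behind admin-ajax.php should do before storing an
attachment. MAX_UPLOAD_BYTES and the allowlist are assumed policy values.
"""
import io
import re
import secrets
import zipfile

MAX_UPLOAD_BYTES = 2 * 1024 * 1024          # assumed cap; the site enforced none

# Effective (last) extension -> magic bytes the content must start with.
ALLOWED = {
    "pdf":  b"%PDF-",
    "doc":  b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",   # OLE2 compound document
    "docx": b"PK\x03\x04",                         # ZIP container
}
STEM_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
PHP_TAGS = (b"<?php", b"<?=")


def weak_check(filename: str, client_content_type: str) -> bool:
    """Illustrative weak check (an assumption about how such bugs arise, not
    the site's code): trusts the browser's Content-Type and looks for an
    allowed extension anywhere in the name, so 'resume.doc.php' passes."""
    name = filename.lower()
    return client_content_type in ("application/pdf", "application/msword") \
        or any(f".{ext}" in name for ext in ALLOWED)


def _looks_like_docx(data: bytes) -> bool:
    """A .docx is a ZIP that carries word/document.xml; PK alone is not enough."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "word/document.xml" in zf.namelist()
    except zipfile.BadZipFile:
        return False


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) on rejection or (True, storage_name)."""
    if not data:
        return False, "empty file"
    if len(data) > MAX_UPLOAD_BYTES:
        return False, f"file exceeds {MAX_UPLOAD_BYTES} bytes"
    # Drop any client-supplied path, then require exactly one dot: this
    # rejects shell.pdf.php, .htaccess and names with no extension at once.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    if len(parts) != 2 or not STEM_RE.match(parts[0]):
        return False, "filename must be <name>.<ext> with one extension"
    ext = parts[1]
    if ext not in ALLOWED:
        return False, f"extension .{ext} not allowed"
    if not data.startswith(ALLOWED[ext]):
        return False, f"content does not match .{ext} signature"
    if ext == "docx" and not _looks_like_docx(data):
        return False, "ZIP is not a Word document"
    if any(tag in data for tag in PHP_TAGS):
        return False, "PHP open tag found in content"
    # Storage name is random and keeps only the vetted extension.
    return True, f"{secrets.token_hex(16)}.{ext}"


def sample_docx(with_document_xml: bool) -> bytes:
    """Constructed sample input: a minimal ZIP that is (or is not) a .docx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if with_document_xml:
            zf.writestr("word/document.xml", "<w:document/>")
        else:
            zf.writestr("shell.php", "<?php phpinfo(); ?>")
    return buf.getvalue()
```

Requiring exactly one dot is deliberately stricter than inspecting only the last extension: it also rejects `.htaccess`, trailing dots and trailing spaces. The PHP tag scan can false-positive on a binary stream that happens to contain `<?=`; storing attachments outside the web root, which this example does not cover, removes the execution risk regardless of name.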

***

### 🧪 Steps to Reproduce

#### 1. Access Vulnerable Upload Forms

Navigate to:

* `/ar/careers/`
* `/ar/customer-complaints/`

Both forms submit uploaded attachments through:

```
/wp-admin/admin-ajax.php
```

***

#### 2. Prepare Malicious File

Create a PHP payload:

```php
<?php phpinfo(); ?>
```

Save the file using a double extension:

```
shell.pdf.php
```

or

```
resume.doc.php
```

<figure><img src="/files/dbGjC8VZ12xgiNiFBpgW" alt=""><figcaption></figcaption></figure>

***

#### 3. Upload the File

Upload the malicious file through the available attachment functionality.

The application accepted the file successfully despite frontend restrictions limiting uploads to PDF and DOC formats.

***

#### 4. Upload Oversized Files

Upload large PDF or DOC/DOCX files exceeding expected size limits (e.g., larger than 2MB).

The server accepted oversized files successfully without enforcing file upload size restrictions.

***

#### 5. Observe Server Behavior

The backend accepted uploaded files without properly validating:

* File extension
* File signature (magic bytes)
* Dangerous executable content
* Upload file size limitations

This indicates insufficient server-side validation controls for uploaded files. Whether a stored `.php` attachment is then executed depends on where the handler writes it and how the web server treats that directory; the missing validation is the finding either way.
