Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.
File upload functionality is commonly associated with a number of vulnerabilities, including:
File path traversal
Persistent cross-site scripting
Placing of other client-executable code into the domain
Transmission of viruses and other malware
Denial of service
You should review the file upload functionality to understand its purpose, and establish whether uploaded content is ever returned to other application users, either through their normal usage of the application or by being fed a specific link by an attacker.
Some factors to consider when evaluating the security impact of this functionality include:
Whether uploaded content can subsequently be downloaded via a URL within the application.
What Content-type and Content-disposition headers the application returns when the file's content is downloaded.
Whether the application performs any filtering on the file extension or MIME type of the uploaded file.
Whether it is possible to construct a hybrid file containing both executable and non-executable content, to bypass any content filters - for example, a file containing both a GIF image and a Java archive (known as a GIFAR file).
What location is used to store uploaded content, and whether it is possible to supply a crafted filename to escape from this location.
Whether archive formats such as ZIP are unpacked by the application.
How the application handles attempts to upload very large files, or decompression bomb files.
File upload functionality is not straightforward to implement securely. Some recommendations to consider in the design of this functionality include:
Use a server-generated filename if storing uploaded files on disk.
Inspect the content of uploaded files, and enforce a whitelist of accepted, non-executable content types. Additionally, enforce a blacklist of common executable formats, to hinder hybrid file attacks.
Enforce a whitelist of accepted, non-executable file extensions.
If uploaded files are downloaded by users, supply an accurate non-generic Content-type header, and also a Content-disposition header which specifies that browsers should handle the file as an attachment.
Enforce a size limit on uploaded files (for defense-in-depth, this can be implemented both within application code and in the web server's configuration.
Reject attempts to upload archive formats such as ZIP.
GET /Configurations/AutoScriptCopy.aspx HTTP/1.1 Host: oss.hoyt.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Referer: https://oss.hoyt.net/IconsMain.aspx?IconsHead=MyServer Cookie: AdminName=03B090AD5F97C70D4DC47E1F79D0478B14D58B7E02C9D5E2CAF5156188725F913C0DEC85C1F90A3AE0F60B578414178E9C8ECC17D03B469D941E54A8504A3B7FE1AC4FACC8ACCC3B0D9AD9A5DBD43DE9; SkinName=Blue; DateFormat=dd/mm/yy; ThemeName=VogueTree; Language=English; ASP.NET_SessionId=wb3whmyqzmyp2gzuei32poui; Dateformat=dd/mm/yy; ShowQuickHelp=1;