File backdooring

Overview

Certain file types allow backdoors to be inserted. This can lead to a compromise of the user's browser or computer, and in turn to compromise of the user's account.

What makes a site vulnerable?

A site may be vulnerable to file backdooring attacks if it allows users to upload files to the web server. If backdoors are inserted into the files, any users downloading the files will be put at risk. Vulnerable file types include QuickTime files (including .mp3, .avi, .mov, .wav, etc.), PDF files and Windows Media files (.wmx, etc.).

Impact of the attack

The backdoored files can potentially compromise the user's browser or computer. This can lead to a compromise of the user's login details, giving the attacker access to the user's account.

Counter-arguments to attack

The counter-argument is that this is not 'backdooring' at all; it is just permitted functionality.

Preventing the attack

The attack can be prevented by removing the ability to upload files. Alternatively, the files can be processed to check for the presence of backdoors and either sanitized or rejected if a backdoor is detected.
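
As an added illustration of the "check and reject" option for PDF uploads (example code written for this page, not taken from any particular product), the sketch below scans the raw bytes for PDF name keys that trigger or carry active content. The deny-list, the three-way verdict and the sample documents are assumptions made for the example; it also decodes `#xx` name escapes, which would otherwise let a key slip past a plain string match.

```python
import re

# PDF name keys that trigger or carry active content. An assumed deny-list for
# this example, similar to the keywords triage tools such as pdfid count.
ACTIVE_NAMES = {"JavaScript", "JS", "OpenAction", "AA", "Launch", "EmbeddedFile"}

# A PDF name is "/" followed by bytes up to whitespace or a delimiter.
_NAME = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /J#61vaScript is compared as JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Return a verdict for an uploaded file claimed to be a PDF."""
    if b"%PDF-" not in data[:1024]:
        return {"verdict": "reject", "found": ["not-a-pdf"]}
    names = {decode_name(m.group(1)) for m in _NAME.finditer(data)}
    found = sorted(names & ACTIVE_NAMES)
    if found:
        return {"verdict": "reject", "found": found}
    if "ObjStm" in names:
        # Compressed object streams hide names from a raw byte scan.
        return {"verdict": "review", "found": ["ObjStm"]}
    return {"verdict": "accept", "found": []}


# Constructed sample inputs (not taken from real files).
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
ACTIVE = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
          b"3 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n")
COMPRESSED = b"%PDF-1.5\n5 0 obj\n<< /Type /ObjStm /N 1 /First 4 >>\nendobj\n"

if __name__ == "__main__":
    for label, sample in [("clean", CLEAN), ("active", ACTIVE), ("compressed", COMPRESSED)]:
        print(label, scan_pdf(sample))
```

A raw scan like this is a first-pass filter: files that come back as "review" need a full PDF parser that decompresses object streams before a decision is made.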