An Analysis of Vulnerability Web Against Attack Unrestricted Image File Upload

Imam Riadi; Eddy Irawan Aristianto

doi:10.18495/comengapp.v5i1.161

[1] Exploit Database. “Oscommerce Remote File Upload and File Disclosure Vulnerabilities”, [online] 2011, https://www.exploit-db.com/exploits/36248/ (Accessed : 10 January 2015)
[2]OWASP. “Top Ten OWASP 2007”, [online] 2007, https://www.owasp.org/index.php/Top_10_2007 (Accessed: 11 Januari 2015)
[3]Mansfield, N. Practical TCP/IPinLinux andWindows. Yogyakarta: Andi Publisher, 2004.
[4] Gapta, K, Govil, M., Singh, G., “Rational Unified Treatment for Web Application Vulnerability”in 12th International Joint Conference on Computer Science and Software Engineering (JCSSE), 2015.
[5] Zao, J., Gong R, "A New Framework of Security Vulnerabilities Detection in PHP Web Application", in9th International Conference on InnovativeMobile andInternet Services ini Ubiquitous Computing, 2015, pp.271-276.[6] Rafique, S., Humayun, M., Hamid B., Abbas, A, Akhtar, M., Iqbal, K.,"Web Application Security Vulnerabilities Detection Approaches: a Systematic Mapping Study”, inProceeding IEEE SNPD, Takamatsu, Japan,2015,pp1-6.
[7] Salas, M.I.P., Martins, E.,“A Black-Box Approach to Detect Vulnerabilities in Web Services Using Penetration Testing”, in proceedings on IEEE Latin America Transaction, Vol. 13, No. 3, 2015, pp707-712.
[8] Benjamin, V., Li, W., Holt, T., Chen, H., “Exploring Threats and Vulnerabilities in Hacker Web: Forums, IRC and Carding Shops”inproceedings IEEE, Intelligence and Security Informatics (ISI)2015, pp.85-90.
[9]Oscommerce. “Official osCommerce Site”, [online] 2015, http://oscommerce.com, (Accessed: 14 Januari 2015)

Abstract viewed - 1588 times
PDF downloaded - 1555 times

Affiliations

Imam Riadi
Universitas Ahmad Dahlan

Eddy Irawan Aristianto
Universitas Ahmad Dahlan

Content Top

An Analysis of Vulnerability Web Against Attack Unrestricted Image File Upload

Imam Riadi ,
Eddy Irawan Aristianto

Vol 5 No 1 (2016)

DOI 10.18495/comengapp.v5i1.161

Submitted: Dec 3, 2015

Published: Feb 29, 2016

Abstract

The development of computer security technology is very rapidly. Web security is one of the areas that require particular attention related to the abundance of digital crimes conducted over the web. Unrestricted file upload image is a condition in the process of uploading pictures is not restricted. This can be used to make the attacker retrieve the information that is contained in a system. This research developed with several stages, such as, data collection, analysis of the current conditions, designing improvements to the program code, testing and implementation of the results of patch. Security testing is performed to find out the difference between before and after conditions applied patch unrestricted image file upload. Based on the results of testing done by the method of penetration testing results obtained before the application of patch unrestricted image file upload results respondents said 15% strongly disagree, 85% did not agree. Testing after applying patch unrestricted image file upload results respondents said 7.5% strongly agree, 92.5% agree, so it can be concluded that the development of the patch that has been done has been running smoothly as expected.