MIME content type verification bypass
Every document or file has a valid MIME type, which is an identifier consisting of two parts, a type and a subtype, separated by a forward slash. Web developers, at times, rely on the MIME type of the uploaded file to verify whether it's a safe file or not. For an image upload application, the allowed MIME types can be image/jpeg, image/gif, and image/png. This MIME type is sent by the client as part of the upload request, so we can bypass the check by simply changing the MIME type through an intercepting proxy, such as Burp Suite or Tamper Data for Firefox.
Let's consider the following PHP code, which only allows JPG and GIF files by verifying the file's MIME type during the upload process:
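<?php
$filename = $_FILES['image']['name'];
$tmp = $_FILES['image']['tmp_name'];
if (isset($_FILES['image'])) {
    // 'type' is the MIME type sent by the client in the request, so it is not trustworthy
    if ($_FILES['image']['type'] != "image/gif" && $_FILES['image']['type'] != "image/jpeg") {
        echo "Not allowed!";
        exit(0);
    }
    // The client-supplied file name is used unchanged as the destination name
    move_uploaded_file($tmp, "images/" . $filename);
    ...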
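For comparison, a hardened counterpart to the handler above, as an added example that is not code from the original text. It assumes PHP 7 or later with the fileinfo extension enabled; the function name store_image_upload, the 2 MiB limit and the allow-list are illustrative choices, not taken from the page.

```php
<?php
// Added example: the type is derived from the file's bytes on the server,
// and neither the client's MIME type nor the client's file name is trusted.

// Accepted content types mapped to the extension used when storing the file.
// (Assumed allow-list, mirroring the JPG/GIF policy of the code above.)
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];
const MAX_BYTES = 2 * 1024 * 1024; // assumed size limit

function store_image_upload(array $file, string $destDir): string
{
    // Reject failed, oversized or non-upload files before reading content.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > MAX_BYTES || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not allowed');
    }

    // Detect the type from the file's magic bytes instead of $file['type'],
    // which is whatever the request claimed.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($file['tmp_name']);
    if ($detected === false || !array_key_exists($detected, ALLOWED_TYPES)) {
        throw new RuntimeException('Not allowed');
    }

    // Generate the stored name on the server. The extension comes from the
    // allow-list, so a name such as "x.php" from the client is never used.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$detected];
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

if (isset($_FILES['image'])) {
    try {
        echo 'Stored as ' . store_image_upload($_FILES['image'], 'images');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Not allowed!';
    }
}
```

Content sniffing only checks the leading bytes of the file, so the server-chosen extension matters as much as the type check; configuring the upload directory so that scripts in it are never executed adds a further layer.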