File Upload

File upload vulnerabilities arise when a web server lets users upload files to its filesystem without sufficiently validating their name, type, contents, or size.

Attackers can leverage file upload vulnerabilities to upload malicious documents that end users are later meant to download, or server-side script files that could enable remote code execution on the server itself.

Upload Scanner

The Upload Scanner extension in Burp Suite allows for easy and automated testing of file upload vulnerabilities. I've had this scanner find a number of vulnerabilities for me such as XSS and XXE while testing other functions of the web application.

Payloads

When testing file upload vulnerabilities it's important to try uploading different file types to see how the application handles each of them. For example, you may not be able to trigger a payload by uploading an SVG file but you may be able to with an HTML file.

The following repository on GitHub has a significant number of ready-to-pwn payloads, notably in the XSS and XXE sections:
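To make the definition above concrete (name, type, contents and size all checked) and to show why the SVG-versus-HTML distinction in the previous paragraph matters on the defending side, here is an added example of a server-side upload validator. It is not code from this page or from any project it mentions; the allowlist of types, the 2 MiB limit, the magic-byte table and the random storage-name scheme are all assumptions chosen for illustration. Text-based image types such as SVG get an extra scan for active content (scripts, event handlers, DTD declarations), which is the class of payload the XSS and XXE findings mentioned earlier rely on.

```python
import os
import re
import secrets
from dataclasses import dataclass
from typing import Optional

# Hypothetical policy for this example (not taken from the page).
MAX_SIZE = 2 * 1024 * 1024  # 2 MiB upper bound on an accepted upload

# Binary types are identified by their leading magic bytes, not by extension alone.
BINARY_MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
}
# Text-based types that must additionally be scanned for active content.
TEXT_TYPES = {"svg"}

# Stem may only contain a conservative character set; exactly one extension is allowed,
# so "shell.php.png" and "shell.php\x00.png" are both rejected at the name stage.
SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

# Markers of active content inside an XML/SVG document.
ACTIVE_CONTENT = [
    re.compile(rb"<\s*script\b", re.I),      # inline JavaScript
    re.compile(rb"<\s*foreignObject\b", re.I),  # lets HTML be embedded in SVG
    re.compile(rb"\bon[a-z]+\s*=", re.I),     # onload=, onclick=, ... event handlers
    re.compile(rb"javascript:", re.I),        # script URLs in href/xlink:href
    re.compile(rb"<!DOCTYPE", re.I),          # any DTD, the vehicle for XXE
    re.compile(rb"<!ENTITY", re.I),
]


@dataclass
class Verdict:
    accepted: bool
    reason: str                       # "ok" or the check that failed
    stored_name: Optional[str] = None  # server-chosen name, never the user's


def _content_matches(ext: str, data: bytes) -> bool:
    """Check that the bytes plausibly are the type the extension claims."""
    if ext in BINARY_MAGIC:
        return data.startswith(BINARY_MAGIC[ext])
    # SVG: must be valid UTF-8 and start like an XML/SVG document.
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return data.lstrip().startswith((b"<?xml", b"<svg"))


def validate_upload(filename: str, data: bytes) -> Verdict:
    # 1. Size: reject empty and oversized bodies before doing anything else.
    if len(data) == 0 or len(data) > MAX_SIZE:
        return Verdict(False, "size")

    # 2. Name: drop any directory component (both separator styles), then
    #    require "<safe-stem>.<ext>" with exactly one dot.
    base = os.path.basename(filename.replace("\\", "/"))
    parts = base.split(".")
    if len(parts) != 2 or not SAFE_STEM.match(parts[0]):
        return Verdict(False, "name")

    # 3. Type: extension must be on the allowlist (case-insensitive).
    ext = parts[1].lower()
    if ext not in BINARY_MAGIC and ext not in TEXT_TYPES:
        return Verdict(False, "extension")

    # 4. Contents: bytes must match the claimed type.
    if not _content_matches(ext, data):
        return Verdict(False, "magic")

    # 5. Contents (text types only): no scripts, handlers or DTDs.
    if ext in TEXT_TYPES and any(p.search(data) for p in ACTIVE_CONTENT):
        return Verdict(False, "active-content")

    # 6. Store under a random server-chosen name so the user's name never
    #    reaches the filesystem; the original name can be kept as metadata.
    return Verdict(True, "ok", f"{secrets.token_hex(16)}.{ext}")


if __name__ == "__main__":
    # Constructed sample uploads, not real files.
    png = BINARY_MAGIC["png"] + b"\x00" * 16
    samples = [
        ("avatar.png", png),
        ("shell.php", b"<?php echo 'hi'; ?>"),
        ("shell.php.png", png),
        ("shell.png", b"<?php echo 'hi'; ?>"),
        ("logo.svg", b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'),
        ("logo.svg", b'<svg xmlns="http://www.w3.org/2000/svg" onload="run()"></svg>'),
    ]
    for name, body in samples:
        print(f"{name!r:20} -> {validate_upload(name, body)}")
```

The checks are ordered cheapest-first so a hostile request is rejected before the body is inspected, and every rejection returns the stage that failed, which is what you want to log for detection. Serving accepted files from a separate origin with a fixed Content-Type is still necessary: a validator like this narrows what gets stored, it does not make inline rendering of user content safe.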
