Collaborate Disseminate
I have to do an assignment for a penetration testing exam but I’m a little bit stuck.
Among all the vulnerabilities, I have to inject an upload form but it behaves oddly. If I upload a file (even an image or similar) it does not do anythi… Continue reading Stuck with injecting upload form [closed]
What payload can we embed in the jpeg that would work on website build using Django?what parser could be there?
Continue reading File upload payload for Django Framework? [closed]
Reddit has a new image upload feature that takes a very long time to work after you click submit– as long as 30 seconds. It isn’t caused by the upload itself; that happens very quickly. I don’t know what it is, and it makes me nervous, so… Continue reading Is it possible for a website to get information about you through its upload feature?
How can i upload a file via remote command execution? i tried with wget and curl command but everything is filter except google.com, i also tried to use echo but i got a problem with quotes (“) (‘), i tried this also to encode the source c… Continue reading how can i upload file with remote command execution on linux with these conditions, like filtered characters
I am developing a system for storage of medical records. A person could upload image(s) or file(s). Since it is a medical record , it needs to be stored in encrypted form.Also I want that the files or images could only be seen by authorise… Continue reading Encrypting file stores in s3
From googling, a lot of file upload vulnerabilities rely on injecting something into the filename and also rely on the picture being stored on the server, is it safe to just do a post request of the picture’s content (file-contents: ‰PNG….. Continue reading Can a file upload function be vulnerable without it the file name getting passed?
I am using a web service (call it X) which allows files to be uploaded to AWS S3.
The way it works is that an initial call is made to X which then returns a list of file descriptors and also meta information which should be injected into… Continue reading Man In The Middle Attack On File Uploads [closed]
While performing a file upload, a template parameter is sent together with file. Service acts differently when different parameters are passed.
I need help to figure out what this parameter contains.
Here are two examples:
7b0fc4f83d3fc32… Continue reading Help to understand what’s inside base64 string [migrated]
I reported a self-xss on file uploader input to a bug bounty company and they said that they will only accept it if i can find a good clickjacking exploit for that input. My question is: Is it possible to make a clickjacking … Continue reading Clickjacking and XSS on file upload input?
We have developed an application with contain file upload functionality. We use that application for internal purpose only. We use core php language.
We already use the below validations:
File extension checks (allow only … Continue reading How to validate file content in php?