file-upload – Page 2 – WindowsTechs.com

Issue uploading a file with cURL to WebSecurityAcademy Lab on PortSwigger.com

Posted on January 4, 2024 by Maestro

I want to solve an apprentice-level lab on PortSwigger.com focused on file upload vulnerabilities; the lab is called Remote code execution via web shell upload. The labs on PortSwigger.com encourage the use of Burp. However, while Burp is … Continue reading Issue uploading a file with cURL to WebSecurityAcademy Lab on PortSwigger.com→

The safest and fastest way to upload files in Docker Container

Posted on November 1, 2023 by mamad2559

In a docker project of Asp.net Core MVC 6.0, users must upload files to wwwroot of the project but nothing checks to see if the file is safe or not.
I check file extensions with my file header library but is this enough?
When I searched th… Continue reading The safest and fastest way to upload files in Docker Container→

What are legit alternative to bayfiles or anonfiles? [closed]

Posted on October 7, 2023 by naarter

anonfiles and bayfiles have been shut down. What are the alternatives to these websites?

Continue reading What are legit alternative to bayfiles or anonfiles? [closed]→

Does using Apache/nginx actually improve security of a webapp?

Posted on October 1, 2023 by BigMistake

Let’s say there is a webapp where users can upload files with sensitive data and view analytics generated by the backend. Does using a reverse proxy like nginx or Apache actually help with the security of the website? I have seen this clai… Continue reading Does using Apache/nginx actually improve security of a webapp?→

How do I create a site with secure user data upload on AWS? [closed]

Posted on September 28, 2023 by BigMistake

I want to have users upload data, but need to ensure it stays secure and cannot be mixed up with or touch other users’ data. How do I do this with AWS?

Continue reading How do I create a site with secure user data upload on AWS? [closed]→

Secure Serving of File Uploads on PHP Server without Root Config Possibilities? (Apache)

Posted on August 28, 2023 by DevelJoe

To secure the file uploads to a PHP/Apache server, I have already implemented the following steps:

Solid upload validation from PHP Framework
Used own names for uploaded files
Place uploaded files in server directory outside + above web r… Continue reading Secure Serving of File Uploads on PHP Server without Root Config Possibilities? (Apache)→

Where is the file upload path on a webserver? [closed]

Posted on August 22, 2023 by MMDF

I’m currently testing file upload vulnerability. How should I identify the webserver’s file upload path by analyzing or intercepting the POST traffic?

Continue reading Where is the file upload path on a webserver? [closed]→

LFI to RCE in java EE Application

Posted on July 22, 2023 by Abu Bakar

I found vulnerable end-points in my university’s old portal. It should not be accessible but I found it somehow.
-> First end-point allows me to upload any kind of file on following path : /home/oracle/Oracle/uploads/candidate/
-> … Continue reading LFI to RCE in java EE Application→

Security requirements to upload an excel file to a cloud blob storage

Posted on June 19, 2023 by Glasnhost

I want an authenticated user to upload an excel file to our web application. The Excel file will be parsed to generate structure.
Security is important, so we’ll need to prove that we follow best practices. However, the file will be upload… Continue reading Security requirements to upload an excel file to a cloud blob storage→

Can malicious files be traced and removed from my phone

Posted on June 14, 2023 by Curiouskat

I had a files analysis done on my phone using Falcon Sandbox. An alarming amount of malicious files,marked as clean, were found,identified,and shown each capable abilities. Literally THE ONLY thing of numerous apps/companies/etc I used tha… Continue reading Can malicious files be traced and removed from my phone→