file-upload – Page 2 – WindowsTechs.com

How to get automatic image file download to the back of a web page? [closed]

Posted on February 3, 2024 by lkk4325

I have a simple web page that I created with HTML and CSS. I’m just opening the page with index.html file like (C:/admin/) so I didn’t make it public.
This is a hidden image file behind my website, so I want to embed it. When the website i… Continue reading How to get automatic image file download to the back of a web page? [closed]→

How to properly use cURL –data-binary to send a request payload

Posted on January 8, 2024 by Maestro

This question is out of pure curiosity. I know I can send multipart formposts using curl’s –form/-F option. However, I was curious to see if the same can be done with the –data-binary option? For example, if I run the following script to… Continue reading How to properly use cURL –data-binary to send a request payload→

Issue uploading a file with cURL to WebSecurityAcademy Lab on PortSwigger.com

Posted on January 4, 2024 by Maestro

I want to solve an apprentice-level lab on PortSwigger.com focused on file upload vulnerabilities; the lab is called Remote code execution via web shell upload. The labs on PortSwigger.com encourage the use of Burp. However, while Burp is … Continue reading Issue uploading a file with cURL to WebSecurityAcademy Lab on PortSwigger.com→

The safest and fastest way to upload files in Docker Container

Posted on November 1, 2023 by mamad2559

In a docker project of Asp.net Core MVC 6.0, users must upload files to wwwroot of the project but nothing checks to see if the file is safe or not.
I check file extensions with my file header library but is this enough?
When I searched th… Continue reading The safest and fastest way to upload files in Docker Container→

What are legit alternative to bayfiles or anonfiles? [closed]

Posted on October 7, 2023 by naarter

anonfiles and bayfiles have been shut down. What are the alternatives to these websites?

Continue reading What are legit alternative to bayfiles or anonfiles? [closed]→

Does using Apache/nginx actually improve security of a webapp?

Posted on October 1, 2023 by BigMistake

Let’s say there is a webapp where users can upload files with sensitive data and view analytics generated by the backend. Does using a reverse proxy like nginx or Apache actually help with the security of the website? I have seen this clai… Continue reading Does using Apache/nginx actually improve security of a webapp?→

How do I create a site with secure user data upload on AWS? [closed]

Posted on September 28, 2023 by BigMistake

I want to have users upload data, but need to ensure it stays secure and cannot be mixed up with or touch other users’ data. How do I do this with AWS?

Continue reading How do I create a site with secure user data upload on AWS? [closed]→

Secure Serving of File Uploads on PHP Server without Root Config Possibilities? (Apache)

Posted on August 28, 2023 by DevelJoe

To secure the file uploads to a PHP/Apache server, I have already implemented the following steps:

Solid upload validation from PHP Framework
Used own names for uploaded files
Place uploaded files in server directory outside + above web r… Continue reading Secure Serving of File Uploads on PHP Server without Root Config Possibilities? (Apache)→

Where is the file upload path on a webserver? [closed]

Posted on August 22, 2023 by MMDF

I’m currently testing file upload vulnerability. How should I identify the webserver’s file upload path by analyzing or intercepting the POST traffic?

Continue reading Where is the file upload path on a webserver? [closed]→

LFI to RCE in java EE Application

Posted on July 22, 2023 by Abu Bakar

I found vulnerable end-points in my university’s old portal. It should not be accessible but I found it somehow.
-> First end-point allows me to upload any kind of file on following path : /home/oracle/Oracle/uploads/candidate/
-> … Continue reading LFI to RCE in java EE Application→