Collaborate Disseminate
I want to have users upload data, but need to ensure it stays secure and cannot be mixed up with or touch other users’ data. How do I do this with AWS?
Continue reading How do I create a site with secure user data upload on AWS? [closed]
To secure the file uploads to a PHP/Apache server, I have already implemented the following steps:
Solid upload validation from PHP Framework
Used own names for uploaded files
Place uploaded files in server directory outside + above web r… Continue reading Secure Serving of File Uploads on PHP Server without Root Config Possibilities? (Apache)
I’m currently testing file upload vulnerability. How should I identify the webserver’s file upload path by analyzing or intercepting the POST traffic?
Continue reading Where is the file upload path on a webserver? [closed]
I found vulnerable end-points in my university’s old portal. It should not be accessible but I found it somehow.
-> First end-point allows me to upload any kind of file on following path : /home/oracle/Oracle/uploads/candidate/
-> … Continue reading LFI to RCE in java EE Application
I want an authenticated user to upload an excel file to our web application. The Excel file will be parsed to generate structure.
Security is important, so we’ll need to prove that we follow best practices. However, the file will be upload… Continue reading Security requirements to upload an excel file to a cloud blob storage
I had a files analysis done on my phone using Falcon Sandbox. An alarming amount of malicious files,marked as clean, were found,identified,and shown each capable abilities. Literally THE ONLY thing of numerous apps/companies/etc I used tha… Continue reading Can malicious files be traced and removed from my phone
I had a file that was important submit with only the first four pages of my 84 page file. The other 84 pages submitted completely blank despite not being able to locate the file that has the double.pdf extension anywhere in my files. What… Continue reading Can you spyware cause files to be submitted with double and triple .pdf extension? [closed]
I was sent an email with attachments from an attorney in a contentious litigation matter despite him embedding the actual attachments at bottom of his email. The links didn’t open until I downloaded Outlook. I submitted exhibits for court … Continue reading If my system had been infected prior to submitting important files, could this cause a double and triple file extension and files to show up blank?k [closed]
We’re trying to secure our upload forms in PHP regarding image uploads and PDF files. For this purpose, we’re currently trying to do the following in all cases, according to our research done so far:
Check MIME type
Check file size
Scan c… Continue reading Validate File Uploads in PHP: PDFs and images
On my target site, I found two vulnerabilities, unrestricted file upload(to any directory) and directory traversal. I have two end points :
1- site.com/fileUp : uploads file
{
—-Request Parameters—
file_data=<file>
file_name=123…. Continue reading Uploading webshell in ASP.net application using directory-traversal and file-upload vulnerability