file-upload – Page 4 – WindowsTechs.com

Confirming File upload directory traversal without knowing upload path or being able to retrieve the uploaded file?

Posted on August 23, 2022 by AlexWPryor

I am faced with a file upload functionality. We can upload docs and png’s but cannot view them.
I have tested for several things so far and now would like to test for directory traversal via file name.
I.e if can I upload / replace files i… Continue reading Confirming File upload directory traversal without knowing upload path or being able to retrieve the uploaded file?→

Does user uploaded image file to HTML input form pose a risk?

Posted on May 20, 2022 by AskedSuperior

I have a site where I need to get a logo from the user, they can click the input form and upload only .jpeg or .png files. After this the file will stay client side and be used to automatically create a pdf with their uploaded file.
My que… Continue reading Does user uploaded image file to HTML input form pose a risk?→

Protection against JPEG compression bombs

Posted on May 17, 2022 by salazar324

There is a well-known threat named compression bombs. Such image formats as PNG and JPEG use compression methods, and therefore and in theory PNG/JPEG images might be a compression-bomb.
I’ve found an example of PNG, and many mitigations g… Continue reading Protection against JPEG compression bombs→

What are the security concerns of embedding Base64-encoded images into an HTML document?

Posted on May 17, 2022 by salazar324

We are developing an MVC web-application in Django and having concerns about image uploading.
First of all, here are our business requirements:

Our users can upload images (like profile pictures, etc).

Only authenticated users can upload… Continue reading What are the security concerns of embedding Base64-encoded images into an HTML document?→

Choosing file types to test file upload vulnerabilities

Posted on May 17, 2022 by Charlie

While I was learning about file upload vulnerability one question came to my mind. What type of file do I use while hunting file upload vulnerability? Do I need to detect which programming language is used on the backend? Php extension fil… Continue reading Choosing file types to test file upload vulnerabilities→

File can upland bug works on my localhost but it’s not working on the server [closed]

Posted on May 15, 2022 by Malek

I am trying to find bugs in a source code in php and I found this
<?php

$Key=$_POST["key"];
$FileName=$_POST["filename"];
$FileData=$_POST["filedata"];
$Key=(base64_decode($Key));
$FileName=(ba… Continue reading File can upland bug works on my localhost but it’s not working on the server [closed]→

Image uploading in a web-application

Posted on May 15, 2022 by salazar324

We are developing an MVC web-application in Django and having concerns about image uploading. We’ve done some research on this topic and came up with a setup we want to share here for advices and critique.
First of all, here are our busine… Continue reading Image uploading in a web-application→

File can upland on my localhost but it’s not uploading on the client site [closed]

Posted on May 12, 2022 by Malek

I am trying to find bugs in a source code in php and I found this
<?php

$Key=$_POST["key"];
$FileName=$_POST["filename"];
$FileData=$_POST["filedata"];
$Key=(base64_decode($Key));
$FileName=(ba… Continue reading File can upland on my localhost but it’s not uploading on the client site [closed]→

File sharing with compromised Windows machine

Posted on May 11, 2022 by humky

I want to connect a known to be compromised Windows machine to the network for file sharing, it has lots of pirated software installed therefor not secure. Can it be isolated so that nothing can propagate on the network and compromise othe… Continue reading File sharing with compromised Windows machine→

How to design a secure file storage/sharing platform

Posted on May 10, 2022 by Petru Tanas

As the title implies, I would like to design a secure file storage/sharing platform. This is an abstract design question, so details regarding programing languages or platforms are not particularly relevant, unless they represent the only … Continue reading How to design a secure file storage/sharing platform→