Collaborate Disseminate
I found a reflected XSS in a POST request that sends a file to the web server.
The HTTP POST Request
The HTTP 200 OK Response
When I want to try to insert document.cookie in the payload, the web server detects the dot and breaks the inject… Continue reading XSS injection in the name of a file to be sent
I successfully tried the File Upload Vulnerability (Low Security)in DVWA and successfully gain access to the Metasploitable machine. During File Upload there is an message generated if the file upload is successful or otherwise as seen in … Continue reading Exploiting File Upload Vulnerability Similar to DVWA in Real Web App
The php.net page on the move_uploaded_file() function contains a User Contributed Note which says,
Security tips you must know before use this function:
First: make sure that the file is not empty.
I really cannot see how an empty file c… Continue reading Can an empty uploaded file cause any security issues?
I have a lengthy HTML form with around 20-26 file uploads required and some of them are even multiple. I am really concerned about how secure it is. I would really like to have some secure solution to it.
I am using phpmailer for my projec… Continue reading Handling file uploads securely in phpmailer/php
This question is about letting a potentially malicious user upload videos to your site – specifically, handling the file itself.
With images, one one simple thing you do (after every other thing is validated) is
if( $uploaded_type == ‘… Continue reading Securly uploading videos in PHP [migrated]
I am currently doing a bug bounty program and found a possible file upload vulnerability, but I am not so sure about it.
The vulnerability is on the chat function. In the chat function, users are allowed to communicate with each other and … Continue reading Unrestricted file upload in chat
I am currently doing a bug bounty program and was testing the company’s file upload functionality. After meddling with the functionality for a while, I was able to change the extension of the uploaded file to ‘.svg’ using burpsuite. I have… Continue reading File Upload Vulnerability SVG
I had a friend using my computer. It has windows 10. Is it possible to know if some files were uploaded online? Does windows keep a log of it somewhere?
Continue reading How to know if some files were uploaded from my PC with windows 10 [migrated]
Should one perform a virus scan on a file (using ClamAV) before attempting to determine it’s mime /content type (using Apache Tika), or does it not matter?
Continue reading Risk of Performing Mime Type Detection Before Virus Scan
Users have the possibility to upload a sensitive personal file to a specific website. After uploading, only the user himself and the administrator of the website have the ability to download the file again.
All files of any user are upload… Continue reading Find path of file on website with randomized string in it