33
votes
What security risks are there in allowing someone to upload PHP scripts?
It's very dangerous, because you are allowing someone to upload a PHP file with unknown code and unknown intentions, so if you need this functionality as part of your web site, you should harden your ...
28
votes
What security risks are there in allowing someone to upload PHP scripts?
If you allow somebody to upload and execute a PHP script on your server, you effectively give this person the right to do whatever he or she could do, if she had ssh access with username/password for ...
26
votes
Is hashing user input data redundant on HTTPS?
But with https, is this unnecessary? Https encrypts any data with a key, so if something was altered during transfer, the decryption on the server would fail, right?
It's not uncommon for a file ...
25
votes
What security risks are there in allowing someone to upload PHP scripts?
To me it sounds like you are about to shoot yourself in the foot. Letting people you don't trust upload and run PHP on your server is extremely dangerous. Here are some things an attacker could try:
...
23
votes
Accepted
How insecure is FTP?
With plain FTP the credentials are passed in plain and thus can be easily sniffed. Also, the files are not only sent in plain but they are also not protected against modifications, i.e. an active man ...
17
votes
What security risks are there in allowing someone to upload PHP scripts?
While there are sites that allow you to run PHP code on demand (i.e. 3v4l), they severely limit what you can do and jump through some major hoops to do it safely
I use a setup where scripts are ...
12
votes
How insecure is FTP?
Credentials are transferred in clear text, but you know that from the other posts. But how easy is it to get those details?
As an example I ran tcpdump and connected to an FTP server. Let's take a ...
11
votes
How to prevent XSS in SVG file upload?
Take a look at this fantastic blog post that was recently published by security researcher Robin (@digininja) about this exact topic:
Direct view with content-disposition: attachment - not vulnerable -...
11
votes
Is hashing user input data redundant on HTTPS?
Hashing alone cannot ensure integrity. If you assume the file can be manipulated by an attacker, then nothing prevents this attacker from also changing the hash and making it match the new file ...
10
votes
Securing HTTP File Transfer over local network
For security, you need authentication. If Alice wants to send a file to Bob's computer, Alice's app needs a way to verify that it's Bob's computer it's talking to, and not an attacker's computer. So ...
10
votes
Is hashing user input data redundant on HTTPS?
With https, data is first encrypted, then decrypted. The data could be damaged before or during encryption, or during or after decryption. To https, everything may look fine.
Adding a checksum will ...
9
votes
Accepted
CSRF attack on file upload functionality
Yes, you are vulnerable. Every endpoint that modifies the state of your server needs to have protection against CSRF attacks. File uploads are not excluded.
So how can this be exploited? If your site ...
8
votes
Accepted
Is it possible to get XSS through uploading an image via the filename?
Could there exist some site that is vulnerable in this way? Sure, obviously. If the server takes the user-supplied file name and tries to emit it, unescaped, into the document, you'll get XSS. Same as ...
8
votes
Is hashing user input data redundant on HTTPS?
Another problematic factor of your method is data integrity in storage. Once the file is uploaded to the server, it's important to ensure that said file remains unchanged while stored. Hashing can be ...
7
votes
MIME Type vs. Magic Numbers
If you are talking about file uploads to a server use various methods to check the filetype. The overhead is tiny. Magic numbers give you a more robust way to verify the filetype but can still be ...
7
votes
Pentesting file upload functionality
If it is an Apache server, you might be able to upload a .htaccess file, enabling you to establish directory listings or specifying file extensions to run like php, jsp, py or whatever the server is ...
7
votes
Accepted
Why does the file "shell.php.jpg" can execute as a php file but "shell.jpg" cannot?
shell.php.jpg should be treated as a .jpg file
You're exploring DVWA, so not every should be means is. If I had to guess, the upload script properly checks the extension of the file and allows it, but ...
7
votes
CVE-2017-15580: Getting code execution with upload
I don't think that you read the CVE or the PoC properly.
The PoC says that the reverse shell is to get a shell "of the end user". Not the server.
So, you are not doing anything wrong. You ...
7
votes
Is hashing user input data redundant on HTTPS?
Hashing has a secondary purpose of also verifying that the data is complete -- e.g. was not truncated due to a connection interrupt. There are other ways to check for this, depending on how much ...
6
votes
Accepted
Is using enctype="multipart/form-data" always a bad idea?
Using enctype="multipart/form-data" creates both a binary and an ascii upload
I consider this statement wrong. There is application/x-www-form-urlencoded where the body of the POST request consists of ...
6
votes
Accepted
Malicious PDF file upload
Run them all through a converter into PDF/A format.
It forbids any sort of active content.
If they won't convert, trash them.
IDS/IPS with Anti-Malware license
Scanning is a losing battle. No ...
5
votes
What security risks are there in allowing someone to upload PHP scripts?
PHP has a lot of functions to disable features and restrict certain actions so it can be used in shared hosting scenarios. So it is much safer to allow people to upload php scripts than i.e. perl ...
5
votes
Accepted
What are the potential vulnerabilities of allowing a large http body size?
I'm going to go for an answer but I'm also not an expert on this particular topic, so I'll be curious to read any other answers that might come in.
I believe that the short answer is this: allowing ...
5
votes
Accepted
File upload security in webapp - overview of setup
I think the only way to answer this is through a collaborative commenting effort, so here goes a community wiki:
Of course only registered users can upload, but I know that doesn't mean anything.
...
Community wiki
5
votes
How can I inject real php code into this website?
This is... strange. My guess is that you are right in that this is some sort of protection mechanism, but it doesn't look like a very stable one. A better approach would be to block files with .php or ...
4
votes
How to prevent XSS in SVG file upload?
While @ThorTL67 points out some completely valid solutions, I don't feel comfortable with any of them, and they seem kinda irresponsible to me.
This is because any malicious JS within the SVG is ...
4
votes
Accepted
Does opening an arbitrary file in a language (such as Python) pose a security risk?
No.
If the filename is controlled by the user, then you might open yourself up to vulnerabilities (e.g. an attacker might try to read config files with the database password). But just opening a file ...
4
votes
Accepted
Can an XXE attack be carried out from within a docx file?
In an XXE attack, the attacker sends XML including an external entity referencing some secret file or resource on the server. For this to be useful to the attacker, the server needs to include the ...
4
votes
Execute an uploaded php script on a vulnerable server if I know its location?
Unless the server is severely misconfigured, it will never execute .jpg files as .php files. The last segment after a . is the relevant one when determining file extensions, which means that you are ...
4
votes
How insecure is FTP?
How insecure… really… is FTP?
As insecure as any other application layer protocol that is not encrypted, for example HTTP.
But what exactly is the risk being posed?
The major risk is exposure (to ...
Only top scored, non community-wiki answers of a minimum length are eligible