Posts

Showing posts from June, 2021

Unrestricted File Uploads

Image
Uploading is the transmission of a file from one computer system to another, usually a larger computer system. For instance, a job portal would allow a user to upload a resume and certificates whereas a banking website would allow a user to upload supporting documentation such as identity, address, and income proof. What is  Unrestricted File Upload ? If the File Upload functionality is not properly designed, this might bring up the danger. An attacker can take advantage of this functionality and upload executable codes in file formats such as PHP file, JavaScript, and exe, which could attack client machines or the network by uploading viruses, worms, or trojan horses.  This is what is known as file upload vulnerability. Types of File Upload Vulnerability : Local file upload vulnerability - A local file upload vulnerability is a vulnerability where an application allows a user to upload a malicious file directly which is then executed. Remote file upload vulnerability - A rem...