Questions tagged [file-types]

51 questions
1 vote, 1 answer

How can I make sure an image uploaded to my server is not harmful?

I would like to allow users of my app to upload images in different formats that other users can view (including webm videos). But I would also like to make sure that the images are actual images and not harmful to display. So here's my 3 concrete…
user2741831
  • 145
  • 5
1 vote, 2 answers

What PDF file format alternative should I choose if I am looking for more security in my document files?

There are tons of exploits being created using the PDF file format for most PDF viewers out there every year. PDF files have lots of power and can utilize things such as JavaScript. This is really good but comes with the cost that there is a lot of…
linker
  • 127
  • 3
1 vote, 1 answer

Can string concatenation in file_get_contents() be exploited in PHP?

Let's say I have the following PHP code:
dmuensterer
  • 1,144
  • 4
  • 13
1 vote, 2 answers

How can I be attacked by opening a corrupt MS Office document?

When opening a corrupt Microsoft Office document, I get a prompt that says something along the lines of: Excel [or Word/PowerPoint/etc] has found unreadable content on 'filename.xslx'. Do you wish to recover the contents of this document? If you…
simplegamer
  • 163
  • 5
1 vote, 0 answers

How to assign not-PDF file by digital certificate?

XML, EPUB, etc. formats also need to be signed by digital certificate, like in the PDF's certificate-based signatures. Are there reliable open standards and open-source software to accomplish it? PS: there are a lot of resources on the Web about…
Peter Krauss
  • 129
  • 5
1 vote, 0 answers

Can .mp4 files contain viruses?

An .mp4 file is a common file extension which wraps movies, video clips, etc. Can this file contain viruses? Or, to rephrase the question, if I open it with a common video player (such as Windows Media Player) can this result in my computer being…
Code Whisperer
  • 1,288
  • 1
  • 8
  • 9
1 vote, 2 answers

Various questions about file compression and encryption regarding hacking (zip, rar, 7z)

So I'm curious about a few aspects of compressed files (Zip, rar, 7z, etc), and how they impact hack-ability. There is enough on this subject that I'm not clear about (since this isn't a career of mine, and I don't know too much about coding) that…
Durge
  • 19
  • 3
1 vote, 1 answer

Blacklisting accepted file extensions: how careful do I need to be

Currently working on a web application which allows users to upload files onto one of our Windows servers. The application is built in ASP.NET MVC with a MySQL backend. The uploaded files are not stored on the web server, and so are inaccessible…
Bob Tway
  • 549
  • 1
  • 4
  • 12
0 votes, 1 answer

Can I test/determine all decryption types on an unknown filetype. I do have the password

I have a file that's nearly 200Mb. It was reportedly packed/encrypted with Kruptos 2. But it has a .~enc extension. The header of the file is pure gibberish. Running file says it's data; running mimetype says it's an application/octet-stream. …
6ft Dan
  • 155
  • 1
  • 9
0 votes, 0 answers

Should I validate file types on server upload, and how?

I am trying to implement secure file uploads. I need to support various file types, including PDF, XLS, and XSL. I have implemented some basic controls, such as: store files outside the web root; check file extension against whitelist; generate a new…
srk
  • 109
  • 3
0 votes, 1 answer

Can a file extension be spoofed in windows?

For example, can an .exe file be spoofed in .txt or .mp3 in Windows and still be executed as an executable? I know some basic methods like: using right-to-left override character (U+202E); winrar 4 zip file exploit (no longer working). Is there…
0 votes, 1 answer

Possible dangers of .doc files

I just received some generic work related mail with word file attached that was requesting to Enable Editing in order to view its content. I'm not going to fall for it but it got me wondering. What could possibly happen to my PC if I enabled the…
RotV
  • 103
  • 1
0 votes, 2 answers

How does an OS execute code from a PNG file?

A recent bug in Android allows a hacker to execute code that is contained within an image file. Here is the quote from the Android Security Bulletin: The most severe vulnerability in this section could enable a remote attacker using a specially…
Kolappan N
  • 2,662
  • 14
  • 26
0 votes, 2 answers

Can a file download server specify what logo the file will have on the user's computer?

Is it possible for a download to specify its own icon (as a file in the GUI)? So for example, if I download a file called foo.dmg can I make it show up (in the download bar or in the explorer) as a video. I'm asking for Mac but Windows would be a…
Jad S
  • 393
  • 4
  • 7
0 votes, 2 answers

File carving JPG exif data files

So I'm very new to info sec overall but I would say I am least experienced in Digital forensics, anyway I recently had the opportunity to work with professionals and we did manual file carving. This was all fine and I could pull regular JPG Images…