Questions tagged [file-upload]

File upload means sending a file from a local system to a remote system such as a server or another client with the intent that the remote system should store a copy of the file being transferred.

286 questions
0
votes
1 answer

Uploading zipped up virus

Let's say that I have a badly-made file upload on a website. Someone uploads a zip file which contains a virus. Why would they do this? Surely the zip file is useless unless it is opened and the contents are executed?
0
votes
1 answer

Online backup of secret keys in crypted zip

I want to have an online backup of my private keys and other sensitive information. Which realistic attack vectors do I expose myself to by: making a zip containing the keys, symmetrically crypting the zipfile (ccrypt in my case), sftping it to my…
lash
0
votes
0 answers

How can JavaScript be uploaded safely to a server through a web app?

Can users who have access to a web content management system be allowed to upload JavaScript files to the web server through a web app in a safe way? Or shouldn't uploading JavaScript be allowed by anyone, and it should instead be manually deployed to…
one
0
votes
1 answer

How to safely exchange functionality of a file between two computers?

I have two computers and the goal is to move a functionality of a given file from computer A to computer B. The file is supposed to have a certain known functionality but it potentially could expose additional unwanted behavior. How to safely…
0
votes
0 answers

Is sharing with Direct Connect DC++ secure?

As I have some useful software that I want to share with friends and I don't like to get involved with torrents, DC++ (P2P client for sharing and chatting) seems a good way to do it, but I'm not sure if there is a risk for my system (Windows 10) to…
Deus
0
votes
0 answers

Verify which file a request to the server originated from

In order to make my question clear I will give a practical scenario. Let's say I have a server where I allow people to upload a script and allot them part of my drive, the script can make requests to the server in order to create files, delete them…
AlanZ2223
-1
votes
1 answer

BigDump v0.35b vulnerability

I don't understand what the problem with BigDump v0.35b is. This site says that it has a problem. But I don't understand it. Is the problem here? if (!$error && isset($_REQUEST["uploadbutton"])) { if (is_uploaded_file($_FILES["dumpfile"]["tmp_name"]) &&…
Fye
-1
votes
1 answer

Protect against Tamper Data add-on

When it comes to uploading images on a website, I know you can trick the PHP to believe that the file is an image by changing the extension to ".jpg" from ".php". Then once the file is uploading you can use Tamper Data to change the file extension…
h4ck3r
-1
votes
3 answers

Is it an unrestricted file upload vulnerability?

I am using a messenger app that's similar to WhatsApp. This app allows me to send any type of files, like HTML, PHP, SWF etc. via text messages. Is this a vulnerability?
user183535
-1
votes
1 answer

Vulnerabilities in PHP Form Handling Script

I'm writing a PHP script that takes input from an HTML5 form, including uploads, and emails them to an administrator using Magento's mail client. I think I've covered the basics pretty well, but I'm sure I'm missing some potential vulnerabilities as…
sadq3377
-1
votes
1 answer

Testing File Upload Functionality

I want to test a file upload functionality and I wasn't able to upload exe files, but I could upload file.exe.jpg (adding jpg extension). What threat does this file pose after it is uploaded to the server?
one
-2
votes
1 answer

Can an XXE attack be carried out from within a docx file?

Is XXE possible in a file upload with .docx files?
-3
votes
1 answer

How to execute PHP file after uploading it?

I have found an endpoint on a website that allows me to upload files. This endpoint didn't have any kind of protection against malicious file upload. So, I uploaded a PHP shell, but the problem is when I visit the uploaded file link, I get download…
-4
votes
2 answers

Looking for Web Filtering Options to prevent employees from stealing work files/data

I have set up a small virtual office. How do I prevent my employees from uploading their work files (mostly Excel workbooks) to Gmail/Drive or the gazillion other file sharing sites? Is there a URL block list which I can download from somewhere? Is…
-5
votes
3 answers

Difference between phpp, php, and phP?

I came across a CTF challenge where PHP file upload was restricted but phpp and phP were not. What other formats can PHP be uploaded in and what is the difference?
Aayush