Software testing
Vladislav Tsepish, 2017-05-07 16:08:11

How to test the upload form for vulnerabilities?

I am currently testing a portal for security. I came across information online that scripts can be uploaded through an upload form for subsequent execution on the server. The form filters uploaded files by extension; you can upload a script.php.jpg file, but can this theoretical vulnerability (if it is a vulnerability at all) be exploited? I did not find detailed information online.


1 answer(s)
Labunsky, 2017-05-07
@Labunsky

"The form filters uploaded files by extension; you can upload a script.php.jpg file, but can this theoretical vulnerability (if it is a vulnerability at all) be exploited?"
Judging by this, the extension is checked not by the magic number but by a piece of the name, and this is not comme il faut: if an executable file is renamed, this will not affect its functionality.
However, if you are concerned about .php, .py and similar files, then you also need to check the contents, since these are simple text files.
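
The two checks described in the answer, as an added example that is not part of the original answer or the portal's code: the leading bytes must match the claimed image type, and the content is also scanned for script text. The names `check_upload`, `MAGIC` and `SCRIPT_MARKERS` and all sample bytes are constructed for illustration.

```python
import os

# Leading bytes ("magic numbers") of the image types this hypothetical form accepts.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Markers of script text (illustrative, not exhaustive). Very short tags such
# as "<?=" are left out because they occur by chance in compressed image data.
SCRIPT_MARKERS = (b"<?php", b"<script", b"#!/bin/", b"#!/usr/bin/")


def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for an uploaded file."""
    # Only the final extension is considered, so script.php.jpg counts as .jpg.
    ext = os.path.splitext(filename)[1].lower()
    if ext not in MAGIC:
        return False, "extension not allowed"
    # Check 1: the content must start with the signature of the claimed type.
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match extension"
    # Check 2: a valid image header can still be followed by script text,
    # so the whole body is scanned as well.
    lowered = data.lower()
    for marker in SCRIPT_MARKERS:
        if marker in lowered:
            return False, f"script marker {marker!r} in content"
    return True, "ok"


# Constructed sample inputs.
PHP_TEXT = b"<?php echo 'test'; ?>"
JPEG_HEADER = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
CLEAN_JPEG = JPEG_HEADER + b"\x00" * 32
JPEG_WITH_SCRIPT = JPEG_HEADER + b"\xff\xfe\x00\x20" + PHP_TEXT

if __name__ == "__main__":
    for name, body in [
        ("script.php.jpg", PHP_TEXT),       # renamed script, no image header
        ("photo.jpg", JPEG_WITH_SCRIPT),    # image header followed by script text
        ("photo.jpg", CLEAN_JPEG),
        ("photo.php", CLEAN_JPEG),          # extension outside the allow-list
    ]:
        print(name, check_upload(name, body))
```

The first sample passes an extension-only filter and is rejected by the magic-number check; the second passes the magic-number check and is rejected only by the content scan.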
