Web Application Security
File Upload with changed extension Dec 02 2014 06:44PM
Jyotiranjan Acharya (jyotiranjan121 gmail com) (2 replies)
Re: File Upload with changed extension Dec 04 2014 01:25AM
Michal Zalewski (lcamtuf coredump cx) (1 replies)
Re: File Upload with changed extension Dec 04 2014 12:26PM
Robin Wood (robin digi ninja)
No one has mentioned the ability to use the server as a warez server,
that could be a problem if the max upload file size is large enough.

On 4 December 2014 at 01:25, Michal Zalewski <lcamtuf (at) coredump (dot) cx> wrote:
> I can't say I'm convinced about other attacks discussed in this
> thread, but if you have a web server that allows arbitrary file
> uploads and then serves them back from a sensitive origin without
> taking *a lot* of additional precautions (the list of which is long
> and ever-changing), then you probably have a problem.
>
> For one, you can load the content via <embed> / <object> on evil.com,
> and have it interpreted as Flash, Silverlight, Java, or something of
> that sort - with permissions derived from the hosting origin and with
> no regard for file extensions or Content-Type. So, you get a form of
> XSS.
>
> The safest / simplest approach to user-supplied non-HTML documents is
> to serve them in a separate domain, away from any sensitive UIs, etc.
>
>
> On Tue, Dec 2, 2014 at 10:44 AM, Jyotiranjan Acharya
> <jyotiranjan121 (at) gmail (dot) com> wrote:
>> If you are able to upload a file with a changed extension, then will
>> that be a problem?
>> For example, you cannot, in any way, upload a .exe or .php/.jsp/.asp
>> file directly into a web App, but you can by changing their extension
>> to .JPG. What is the risk in such a case?
>>
>>
>>
>> This list is sponsored by Cenzic
>> --------------------------------------
>> Let Us Hack You. Before Hackers Do!
>> It's Finally Here - The Cenzic Website HealthCheck. FREE.
>> Request Yours Now!
>> http://www.cenzic.com/2009HClaunch_Securityfocus
>> --------------------------------------
>>
>


Re: File Upload with changed extension Dec 03 2014 01:42AM
Guillermo Caminer (flaco webappsec gmail com) (1 replies)
Re: File Upload with changed extension Dec 03 2014 09:44AM
Tobias Wassermann (mail tobias-wassermann de) (1 replies)
Re: File Upload with changed extension Dec 03 2014 03:29PM
Seth Art (sethsec gmail com) (1 replies)
Re: File Upload with changed extension Dec 04 2014 12:21AM
Paul Burbage (paul k burbage gmail com)
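
The separate-domain approach recommended in Michal Zalewski's message above, sketched as an added example that is not part of the original thread: uploads are stored under a random name that ignores the client's extension and are served only from a dedicated origin. The host names, the in-memory store and the helper names are assumptions made for illustration.

```python
import secrets
from wsgiref.util import setup_testing_defaults

APP_HOST = "app.example.test"             # assumed: origin with sessions / sensitive UI
UPLOAD_HOST = "usercontent.example.test"  # assumed: separate, cookieless origin
_blobs = {}                               # token -> bytes (stand-in for real storage)

def store(data: bytes, client_filename: str) -> str:
    """Save an upload under a random token; the client's name/extension is ignored."""
    token = secrets.token_urlsafe(16)
    _blobs[token] = data
    return f"https://{UPLOAD_HOST}/{token}"

def app(environ, start_response):
    """WSGI handler: uploads are reachable only via UPLOAD_HOST."""
    host = environ.get("HTTP_HOST", "").split(":")[0].lower()
    data = _blobs.get(environ.get("PATH_INFO", "").lstrip("/"))
    if host != UPLOAD_HOST or data is None:
        # Same answer for "wrong origin" and "no such file".
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    headers = [
        # Defence in depth only: the thread notes plugin content is interpreted
        # regardless of extension or Content-Type, so origin separation is the control.
        ("Content-Type", "application/octet-stream"),
        ("Content-Disposition", "attachment"),
        ("X-Content-Type-Options", "nosniff"),
        ("Content-Security-Policy", "sandbox"),
        ("Content-Length", str(len(data))),
    ]
    start_response("200 OK", headers)
    return [data]

def fetch(host: str, path: str):
    """Drive the handler offline; returns (status, headers, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(HTTP_HOST=host, PATH_INFO=path)
    seen = {}
    def start_response(status, headers):
        seen.update(status=status, headers=dict(headers))
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body

if __name__ == "__main__":
    url = store(b"constructed sample bytes", "holiday.JPG")
    path = "/" + url.rsplit("/", 1)[1]
    print(fetch(UPLOAD_HOST, path)[0])  # served from the isolated origin
    print(fetch(APP_HOST, path)[0])     # refused on the sensitive origin
```
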


 

Copyright 2010, SecurityFocus