Acunetix released a paper on common security problems with "file upload" forms, with some examples.
The paper covers common problems such as:
- Simple upload without validation
- MIME type validation
- Blocking dangerous extensions
- Double extensions
- Image header checking
- .htaccess protection
- Client-side validation
http://www.acunetix.com/websitesecurity/Why-File-Upload-Forms-are-a-Major-Security-Threat.pdf