With so many file upload problems, how can we design a secure file upload function? The file upload function in itself is not a problem; it becomes one only when exploited by attackers. Acco... Read more
The web server function may be exploited by attackers to bypass some security checks during file upload, which is a concern of the server. But in fact, server-side applications are often res... Read more
Let us have a look at PHP CGI path parsing problem. In May 2010, the domestic security organization 80sec released an Nginx vulnerability, saying that using PHP in Nginx with the configurati... Read more
IIS 6 has some loopholes in parsing files. The 0x00 character can truncate filenames; IIS and Windows have a very similar loophole, but the truncated character is “;”. When the filename is a... Read more
In Apache 1.x, 2.x, for example, filename parsing has the following characteristics: Apache parses a filename from the front until it encounters a known file type. For example, Phpshell.php... Read more
Let us have a look at the file upload check function. Many applications verify the security of a file based on the suffix of the filename. However, if the attacker manually modifies the POST... Read more
Let us look at a case of file upload vulnerability. FCKEditor is a popular rich text editor. For the convenience of the user, this editor has a file upload functionality, but this feature ha... Read more
When there is a file upload vulnerability, users can upload an executable script file to gain privileges to issue commands on the server side. This type of attack is the most direct and effe... Read more