If a website allows the user to upload files, it’s usually considered a vulnerability and the server has to do a bunch of checks.
Does it depend on what the server does with the file? If the user uploads a hacking script, but the server is configured to do absolutely nothing with what’s uploaded, how can that script ever run?
And how can a user know what the server is doing with the file? Yeah, trial and error, but trial what, and aren’t there countless things to trial?
Sooooo, just about anything can be a vulnerability.
ELI5 version: Imagine a spider builds a web. The spider carefully connects the web to a branch of a tree and weaves a bunch of circles around and around to make the web.
Then, a fly comes buzzing along and lands in the middle of the web. The web stops the fly, but in order to remove the fly, the spider has to tear a piece of the web out and patch it.
This, in turn, may make that one part of the web better at catching flies in the future, but it also leaves a part of the web heavier and more vulnerable to the wind.
Explanation:
The spider is the programmer. The branches are the original security measures. The web is the website/server. The fly is a vulnerability, and the wind is future vulnerabilities. The patch in the web is a change to the original coding.
At first, you have a base level of security, or should. As time goes on and vulnerabilities become known, the patches usually come in the form of an update, which could potentially cause more vulnerabilities that are not yet known. There are tons of exploits (viruses) that use vulnerable points to give the creator what they want. Yet there are also constant patches and updates to combat those vulnerabilities.