If a website allows the user to upload files, it’s usually considered a vulnerability and the server has to do a bunch of checks.
Does it depend on what the server does with the file? If the user uploads a hacking script, but the server is configured to do absolutely nothing with what’s uploaded, how can that script ever run?
And how can a user know what the server is doing with the file? Yeah, trial and error, but trial what, and aren’t there countless things to trial?
In: Technology
Well, for starters, the size of the file alone is a vector of attack. Even if you do absolutely nothing with it, if a user uploads a file that’s too big you may run out of storage space, memory and/or bandwidth if you don’t protect yourself.
Then it’s all guesswork. But you can make educated guesses. For example, let’s say your website is Facebook. You allow users to upload a profile picture. You notice that if you upload and then download your profile picture, the picture is not the same. Immediately you know that the picture MUST have some kind of processing, so if there’s some well-known image processing software/library you can either check for vulnerabilities on that software/library or you can check for common mistakes that people make when using such software/library.
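The server-side checks that the answer above points at, as an added example that is not part of the original answer: cap the bytes actually received, then read the claimed image size from the header before any image library decodes the file. The limits, the function names and the PNG-only scope are assumptions made for illustration.

```python
import struct

MAX_UPLOAD_BYTES = 2 * 1024 * 1024   # assumed cap for a profile picture
MAX_PIXELS = 4096 * 4096             # assumed cap on decoded image area
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


class UploadRejected(Exception):
    pass


def read_capped(stream, limit=MAX_UPLOAD_BYTES, chunk_size=64 * 1024):
    """Read an upload in chunks and abort once more than `limit` bytes arrive.

    A declared Content-Length is not trusted; only received bytes are counted.
    """
    buf = bytearray()
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return bytes(buf)
        buf += chunk
        if len(buf) > limit:
            raise UploadRejected("upload exceeds size limit")


def png_dimensions(data):
    """Return (width, height) from the PNG IHDR chunk without decoding pixels."""
    if len(data) < 24 or data[:8] != PNG_MAGIC or data[12:16] != b"IHDR":
        raise UploadRejected("not a PNG file")
    return struct.unpack(">II", data[16:24])


def accept_profile_picture(stream):
    """Gate an upload before any image-processing code touches it."""
    data = read_capped(stream)
    width, height = png_dimensions(data)
    if width == 0 or height == 0 or width * height > MAX_PIXELS:
        raise UploadRejected("image dimensions out of range")
    return data


def make_png_header(width, height):
    """Constructed sample input: signature plus IHDR fields only, not a full PNG."""
    ihdr = struct.pack(">II", width, height) + b"\x08\x06\x00\x00\x00"
    return PNG_MAGIC + struct.pack(">I", len(ihdr)) + b"IHDR" + ihdr
```

Passing these checks only means the file is small enough and claims sane dimensions; the image library that does the actual processing still needs to be kept patched.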