[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] File uploading vulnerabilities

From: "mike " <mike9966@xxxxxxxxxxxxxx>
Subject: [WEB SECURITY] File uploading vulnerabilities
Date: 10 Sep 2008 15:22:02 -0000

--Next_1221060122---0-202.137.237.141-31244
Content-type: text/plain;
	charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

&nbsp;=0AHi,=0A=0AWe have functionality in the web application, where an en=
d user needs to upload .exe files on the server. The files are getting stor=
ed in a folder on the server.=0A=0AWhen I searched about the security issue=
s related with file uploading, it is suggested that I need to perform virus=
 check before uploading. The application is build on ASP with no database. =
=0A=0A1. Can anyone point me to the ways to perform virus scanning on the f=
iles before uploading? Are thee any plug-in/component/web service available=
, which I can use to perform this action? =0A=0A2. If I remove the .exe ext=
ension and store file on the server, will that reduces any risk associated =
with virus/Trojans.=0A=0A3. Apart from virus check, what all things we need=
 to keep in mind(from security) for file uploading issues.=0A=0A=0AThanks i=
n advance=0A=0ARegards=0AMike
--Next_1221060122---0-202.137.237.141-31244
Content-type: text/html;
	charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

<P>=0A&amp;nbsp;<BR>=0AHi,<BR>=0A<BR>=0AWe have functionality in the web ap=
plication, where an end user needs to upload .exe files on the server. The =
files are getting stored in a folder on the server.<BR>=0A<BR>=0AWhen I sea=
rched about the security issues related with file uploading, it is suggeste=
d that I need to perform virus check before uploading. The application is b=
uild on ASP with no database. <BR>=0A<BR>=0A1. Can anyone point me to the w=
ays to perform virus scanning on the files before uploading? Are thee any p=
lug-in/component/web service available, which I can use to perform this act=
ion? <BR>=0A<BR>=0A2. If I remove the .exe extension and store file on the =
server, will that reduces any risk associated with virus/Trojans.<BR>=0A<BR=
>=0A3. Apart from virus check, what all things we need to keep in mind(from=
 security) for file uploading issues.<BR>=0A<BR>=0A<BR>=0AThanks in advance=
<BR>=0A<BR>=0ARegards<BR>=0AMike=0A</P>=0A<br><br>=0A<Table border=3D0 Widt=
h=3D644 Height=3D57 cellspacing=3D0 cellpadding=3D0 style=3D'font-family:Ve=
rdana;font-size:11px;line-height:15px;'><TR><td><a href=3D'http://adworks.r=
ediff.com/cgi-bin/AdWorks/click.cgi/www.rediff.com/signature-default.htm/10=
50715198@Middle5/2606998_2599290/2602379/1?PARTNER=3D3&OAS_QUERY=3Dnull' ta=
rget=3Dnew ><img src =3D'http://imadworks.rediff.com/cgi-bin/AdWorks/adimag=
e.cgi/2606998_2599290/creative_2602379.gif'  alt=3D'578x38_banner2.gif'  bo=
rder=3D0></a></td></TR></Table>
--Next_1221060122---0-202.137.237.141-31244--

Follow-Ups:
- Re: [WEB SECURITY] File uploading vulnerabilities
  - From: James Landis
- Re: [WEB SECURITY] File uploading vulnerabilities
  - From: Gleb Paharenko
- RE: [WEB SECURITY] File uploading vulnerabilities
  - From: Eric Rachner
- Re: [WEB SECURITY] File uploading vulnerabilities
  - From: Simone Onofri

Prev by Date: RE: [WEB SECURITY] HTMLEncoding in textarea in java
Next by Date: Re: [WEB SECURITY] File uploading vulnerabilities
Previous by thread: [WEB SECURITY] HTMLEncoding in textarea in java
Next by thread: Re: [WEB SECURITY] File uploading vulnerabilities
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site