[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] File uploading vulnerabilities

From: Bil Corry <bil@xxxxxxxxx>
Subject: Re: [WEB SECURITY] File uploading vulnerabilities
Date: Sun, 14 Sep 2008 19:04:35 -0500

Boaz Shunami wrote on 9/14/2008 3:10 AM:

you need to verify your upload mechanism is not vulnerable, this can
be done by using a known, tested, secured component or running
security audit on your existing systems.


Speaking of which, cross-site file upload attacks comes to mind:

	http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/


- Bil


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

References:
- [WEB SECURITY] File uploading vulnerabilities
  - From: mike
- Re: [WEB SECURITY] File uploading vulnerabilities
  - From: Gleb Paharenko
- RE: [WEB SECURITY] File uploading vulnerabilities
  - From: Boaz Shunami

Prev by Date: RE: [WEB SECURITY] File uploading vulnerabilities
Next by Date: Re: [WEB SECURITY] Advisory: Attack of the Mongolian space evaders... (and other Medieval XSS vectors)
Previous by thread: RE: [WEB SECURITY] File uploading vulnerabilities
Next by thread: RE: [WEB SECURITY] File uploading vulnerabilities
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site