Exploiting Unrestricted File Upload Vulnerabilities


File Upload: The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product’s environment.

Example: Consider a website “testsite.com” that has a feature where users can upload their profile pictures. Once the image was uploaded, that is processed by the website and then the image is rendered on the user profile. The uploaded image gets saved in folder i.e. /images(testsite.com/images/profile.jpeg) and clicking on the image can get…