/vulndb/File Upload

File upload facilities are usually considered dangerous because they can be abused to leverage various types of attacks.

If the file upload facility is not properly secured with the appropriate access controls and file type checks, it may be possible to upload malware, client-side exploits and even facilities, which can be used to run arbitrary code and commands inside the application environment.

Solution

Ensure that the file upload form has the appropriate access controls and is resilient to common attacks such as Cross-site Request Forgeries (CSRF). Also, ensure that the accepted files are checked against a whitelist of allowed file types.

Caveats

Checking the file extension is not always enough to determine the file type. For example If images are accepted then the developer needs to transcode the accepted file back to an image in order to ensure that it is normalised and doesn’t contain any known exploits.

References

http://www.w3.org/TR/2006/WD-file-upload-20061018/