Arbitrary File Upload #17

Open
salahawad opened this issue Jun 18, 2021 · 0 comments
Labels
security For all security issues

Comments

@salahawad
Contributor

The profile picture can be uploaded with any extension. The default behavior of the web app is to rename the file with the given extension. This is a very dangerous behavior as this allows the user to upload all types of malicious files (malformed names, potential directory traversal, large files for DoS attacks, invalid file names to leak error message information...).

@salahawad salahawad added the security For all security issues label Jun 18, 2021
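
One way to handle the upload this issue describes, as an added example that is not the project's code: the server picks the stored name and extension from the file's leading bytes and never uses the client-supplied name. The function names, the 2 MiB cap and the allowed image types are assumptions.

```python
import secrets

MAX_BYTES = 2 * 1024 * 1024  # assumed size cap for a profile picture

# Magic-byte signatures mapped to the only extensions the server will assign.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}


class UploadRejected(ValueError):
    """Carries a generic message so error responses do not leak server details."""


def sniff_extension(data: bytes):
    """Return the extension implied by the content, or None if not an allowed image."""
    for magic, ext in SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None


def store_name_for(client_filename: str, data: bytes) -> str:
    """Return a server-chosen storage name for an uploaded profile picture.

    client_filename is accepted only to show that it is deliberately ignored:
    neither its path components nor its extension reach the filesystem.
    """
    if len(data) > MAX_BYTES:  # in production, enforce this while streaming the body
        raise UploadRejected("file too large")
    ext = sniff_extension(data)
    if ext is None:
        raise UploadRejected("unsupported image type")
    # Random hex name: no traversal sequences, no user-controlled extension.
    # Re-encoding the image server-side is a stronger check than magic bytes alone.
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the issue.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    print(store_name_for("../../shell.php", png))
    try:
        store_name_for("avatar.png", b"<?php echo 1; ?>")
    except UploadRejected as err:
        print("rejected:", err)
```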