Will the file name and contents uploaded by the user cause an attack on the server? Is there a possible security problem?

made a management system for government departments, and later asked us to rectify the hidden security problems. One of the requirements is that the file name uploaded by the user cannot contain special characters.

is it really possible to attack the server through uploaded files?

Server-security-hardening security
Aug.29,2021

there is no doubt that "arbitrary file upload" is a type of vulnerability, and it is necessary to limit the uploaded files.
uploaded files that contain malicious code and are executed at the back end will often cause attackers to get WebShell.

you might think, what does this have to do with the file name? Yes, there is.
first of all, the code contained in the file name may also be executed.
second, special characters in the file name may invalidate your file upload check, such as CVE-2015-2348.

Respondent:
YvesX @ Chuangyu Front end

for example, send a ".. / test.jsp" file to the jsp site?

Previous: Echarts: the problem of overlapping sequence tags caused by creating multiple graphs in the same grid

Next: Navicat connects to Ali database and reports 10038.

css mysql arrays josn react html typescript webpack npm sass R objective-c .net sql-server jquery python-3.x angularjs django angular excel regex iphone ajax linux xml pandas vba spring database wordpress string wpf xcode windows bash postgresql oracle multithreading eclipse list firebase algorithm macos forms image scala visual-studio azure bootstrap spring-boot react-native python-2.7 docker performance function winforms matlab powershell apache dataframe api sqlite numpy rest shell selenium flutter dart maven loops qt swing android-studio csv express file class tensorflow sorting codeigniter perl
© 2021 CodesHelper
Advertising Contact us About us
Menu