Unrestricted File Upload

0
Any file extension can be uploaded without validation on either the client side or server side. Even though the application detects the file as invalid and returns an error message stating, "The file is invalid," it still uploads the file successfully.

Note: I have used 3 ways and it is still not fixed:

Point 1: Fix by setting the Allowed Extensions in the widget.
Point 2: Get the file type and check the size in a microflow.
Point 3: I used MagicNumber as a Java action.
asked
2 answers
1

Hi,

Try to add a Before commit event and add your safety checks there; if it returns false, the file will not be committed to the database.

This adds an extra layer of validation before pushing the file to the database. Also make sure to trigger the BCo flow whenever required.

I hope this helps!

answered
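
One way to fold the extension allowlist and the magic-number check from the question into the single true/false decision a before-commit check needs, as an added example (not code from this thread or from Mendix). The class name, method name and allowlist are assumptions; it needs Java 11 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;

public class UploadCheck {
    // Hypothetical allowlist: extension -> leading bytes the content must start with.
    private static final Map<String, byte[]> ALLOWED = Map.of(
        "pdf", "%PDF-".getBytes(StandardCharsets.US_ASCII),
        "png", new byte[] {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A},
        "jpg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF});

    /** True only if the final extension is allowlisted AND the content starts with its signature. */
    public static boolean isAllowed(String fileName, InputStream content) throws IOException {
        if (fileName == null || content == null) {
            return false;
        }
        int dot = fileName.lastIndexOf('.');
        if (dot < 1 || dot == fileName.length() - 1) {
            return false; // empty base name or no extension
        }
        // Only the last extension counts, so "a.pdf.exe" is judged as "exe".
        String ext = fileName.substring(dot + 1).toLowerCase(Locale.ROOT);
        byte[] magic = ALLOWED.get(ext);
        if (magic == null) {
            return false; // extension not on the allowlist
        }
        // A short or empty file yields fewer bytes and fails the comparison.
        byte[] head = content.readNBytes(magic.length);
        return Arrays.equals(head, magic);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample uploads: a PDF header and an executable header.
        byte[] pdf = "%PDF-1.7\n".getBytes(StandardCharsets.US_ASCII);
        byte[] exe = new byte[] {'M', 'Z', 0x00, 0x00};
        String[] names = {"report.pdf", "report.pdf", "report.pdf.exe", "REPORT.PDF"};
        byte[][] bodies = {pdf, exe, exe, pdf};
        for (int i = 0; i < names.length; i++) {
            boolean ok = isAllowed(names[i], new ByteArrayInputStream(bodies[i]));
            System.out.println(names[i] + " (" + bodies[i].length + " bytes): " + ok);
        }
    }
}
```

In the setup described in the answer above, a check like this would be called from the before-commit logic so that a false result blocks the commit; that wiring is not shown here.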
0

Hi Mohammed,

This is for our app security; we expect specific types of file extensions.

We are using the Burp Suite Community tool; it checks if the file has a virus, so then we can change the extension to an existing one like pdf.

answered