Don’t Accept Gifts From Strangers–Even Through HTML Form File Elements

added by wiredone
7/9/2012 6:27:15 AM

0 Kicks, 47 Views

If you’re developing on the ASP.Net web stack you’ve probably used either the WebForms FileUpload control or the MVC HttpPostedFileBase model binding parameter many times before. On a badly configured website this can create a perfect storm of insecurity potentially exploited by anyone who uploads malicious files. As this very attack can be your website’s undoing let’s take a look at why it’s a problem and what you can do to fix it.