[Owasp-modsecurity-core-rule-set] About file upload with trojan horse detect
ryan.barnett at breach.com
Thu Aug 13 11:47:27 EDT 2009
On Thursday 13 August 2009 05:02:47 am Junyong Jiang wrote:
> Dear all,
> Right now, I have a problem with the file upload with trojan horse.
> Unfortunately, there are no modsecurity rules for checking the upload-file
> contents, either the file type.
> Could some one offer your own testing rules of detecting the "file upload
> with trojan horse" behavior for me to study?
> Thanks in advance.
Could you please provide more details about what the issue is? I am guessing
that you want to try and identify is a client uses a file upload interface
(that your application offers) to upload a webpage that allows for executing OS
commands, etc... Is this accurate?
Ryan C. Barnett
WASC Distributed Open Proxy Honeypot Project Leader
OWASP ModSecurity Core Rule Set Project Leader
Tactical Web Application Security
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-modsecurity-core-rule-set