[Owasp-modsecurity-core-rule-set] About file upload with trojan horse detect

Junyong Jiang dreamice.jiang at gmail.com
Thu Aug 13 21:42:38 EDT 2009


Ryan,

Thanks for your reply.

Yes, the client client uses a file upload interface to upload a file, for
example a.asp. Then he access a.asp and excute the code in a.asp.
I do not know how to prevent the attack. Can we check the upload-file's type
when client upload this file? sometimes, the attacker may modify the suffix
of the file for cheating de file-suffix checking.

Could you give me some advice?

Thanks.




2009/8/13 Ryan Barnett <ryan.barnett at breach.com>

>   On Thursday 13 August 2009 05:02:47 am Junyong Jiang wrote:
> > Dear all,
> >
> > Right now, I have a problem with the file upload with trojan horse.
> > Unfortunately, there are no modsecurity rules for checking the
> upload-file
> > contents, either the file type.
> >
> > Could some one offer your own testing rules of detecting the "file upload
> > with trojan horse" behavior for me to study?
> >
> > Thanks in advance.
>
>
> Could you please provide more details about what the issue is? I am
> guessing that you want to try and identify is a client uses a file upload
> interface (that your application offers) to upload a webpage that allows for
> executing OS commands, etc... Is this accurate?
>
>
> --
> Ryan C. Barnett
> WASC Distributed Open Proxy Honeypot Project Leader
> OWASP ModSecurity Core Rule Set Project Leader
> Tactical Web Application Security
> http://tacticalwebappsec.blogspot.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20090814/9c7dfcd9/attachment.html 


More information about the Owasp-modsecurity-core-rule-set mailing list