[Owasp-modsecurity-core-rule-set] About file upload with trojan horse detect
dreamice.jiang at gmail.com
Thu Aug 13 21:42:38 EDT 2009
Thanks for your reply.
Yes, the client uses a file upload interface to upload a file, for
example a.asp. Then he accesses a.asp and executes the code in a.asp.
I do not know how to prevent the attack. Can we check the uploaded file's type
when the client uploads this file? Sometimes, the attacker may modify the suffix
of the file to cheat the file-suffix checking.
Could you give me some advice?
2009/8/13 Ryan Barnett <ryan.barnett at breach.com>
> On Thursday 13 August 2009 05:02:47 am Junyong Jiang wrote:
> > Dear all,
> > Right now, I have a problem with the file upload with trojan horse.
> > Unfortunately, there are no modsecurity rules for checking the
> > contents or the file type.
> > Could someone offer your own testing rules of detecting the "file upload
> > with trojan horse" behavior for me to study?
> > Thanks in advance.
> Could you please provide more details about what the issue is? I am
> guessing that you want to try and identify if a client uses a file upload
> interface (that your application offers) to upload a webpage that allows for
> executing OS commands, etc... Is this accurate?
> Ryan C. Barnett
> WASC Distributed Open Proxy Honeypot Project Leader
> OWASP ModSecurity Core Rule Set Project Leader
> Tactical Web Application Security
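
The upload check asked about above, as an added example that is not from either poster or from the Core Rule Set: it rejects a.asp by extension allow-list, rejects a renamed script because its leading bytes do not match the claimed type, and stores accepted files under a server-chosen name. `check_upload`, `ALLOWED` and the sample inputs are hypothetical names and constructed data; it assumes the web server selects script handlers by file extension.

```python
import os
import secrets

# Allow-list (constructed for this example): extension -> accepted leading bytes.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}

# Constructed sample inputs.
SAMPLE_ASP = b"<% Response.Write(1) %>"
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32


def check_upload(client_name, data):
    """Return (True, stored_name) or (False, reason) for one uploaded file."""
    # Keep only the last path component; some clients send a full local path.
    base = os.path.basename(client_name.replace("\\", "/")).lower()
    stem, dot, ext = base.rpartition(".")
    if not dot or not stem:
        return False, "no extension"
    # Exactly one dot and plain ASCII characters in the stem: this rejects
    # double extensions (a.asp.jpg), a.asp;.jpg, NUL bytes and the like.
    plain = stem.replace("-", "").replace("_", "")
    if not (plain.isascii() and plain.isalnum()):
        return False, "suspicious file name"
    ext = "." + ext
    if ext not in ALLOWED:
        return False, "extension not allowed"
    # The suffix is attacker-controlled, so the content must agree with it.
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension"
    # Never reuse the client's name: a random name with an allow-listed
    # extension means the stored file is not mapped to a script handler.
    return True, secrets.token_hex(16) + ext


if __name__ == "__main__":
    for name, body in [("a.asp", SAMPLE_ASP), ("a.jpg", SAMPLE_ASP),
                       ("a.asp;.jpg", SAMPLE_JPEG), ("photo.JPG", SAMPLE_JPEG)]:
        print(name, "->", check_upload(name, body))
```

A leading-bytes match does not prove the rest of the file is harmless, so the stored files should also live in a directory where the server does not execute scripts.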