[Owasp-india] file uploading vulnerability
mike9966 at rediffmail.com
Wed Sep 10 23:20:50 EDT 2008
>We have functionality in the web application, where an end user needs to upload .exe files on the server. The files are getting stored in a folder on the server.
>When I searched about the security issues related with file uploading, it is suggested that I need to perform virus check before uploading. The application is build on ASP with no database.
>1. Can anyone point me to the ways to perform virus scanning on the files before uploading? Are thee any plug-in/component/web service available, which I can use to perform this action?
>2. If I remove the .exe extension and store file on the server, will that reduces any risk associated with virus/Trojans.
>3. Apart from virus check, what all things we need to keep in mind for file uploading issues.
>Thanks in advance
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-india