[Owasp-india] file uploading vulnerability

mike mike9966 at rediffmail.com
Wed Sep 10 23:22:56 EDT 2008


  
>Hi,
>
>We have functionality in the web application, where an end user needs to upload .exe files on the server. The files are getting stored in a folder on the server.
>
>When I searched about the security issues related with file uploading, it is suggested that I need to perform virus check before uploading.  The application is build on ASP with no database.
>
>1.	Can anyone point me to the ways to perform virus scanning on the files before uploading? Are thee any plug-in/component/web service available, which I can use to perform this action?
>
>2.	If I remove the .exe extension and store file on the server, will that reduces any risk associated with virus/Trojans.
>
>3.	Apart from virus check, what all things we need to keep in mind for file uploading issues.
>
>
>Thanks in advance
>
>~Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-india/attachments/20080911/5234a869/attachment.html 


More information about the Owasp-india mailing list