File Upload - Coggle Diagram
File Upload
Malicious Files
Exploit vulnerabilities in the file parser or processing module (e.g. the ImageTragick exploit, XXE)
ImageTragick
There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user-submitted images. The exploit for this vulnerability is being used in the wild.
Send ZIP bombs, XML bombs (also known as the billion laughs attack), or simply huge files to fill the server's storage, which degrades the server's availability
Client-side active content (XSS, CSRF, etc.) that could endanger other users if the files are publicly retrievable.
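
A server-side check for the ZIP bomb and oversized-file node above, as an added example that is not part of the original diagram: it rejects an uploaded archive by entry count, declared size, compression ratio, and bytes actually produced during chunked decompression. The limits and the names `check_zip_upload` and `make_zip` are assumptions chosen for illustration.

```python
import io
import zipfile
import zlib

# Limits are assumptions for this example; tune them to the application.
MAX_ENTRIES = 100
MAX_TOTAL_BYTES = 1024 * 1024   # uncompressed bytes accepted per archive
MAX_RATIO = 100                 # uncompressed bytes per archive byte
CHUNK = 64 * 1024

def check_zip_upload(data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for an uploaded ZIP, without touching disk."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return False, "not a valid zip"
    with zf:
        infos = zf.infolist()
        if len(infos) > MAX_ENTRIES:
            return False, "too many entries"
        # Cheap early reject on the sizes declared in the central directory.
        declared = sum(i.file_size for i in infos)
        if declared > MAX_TOTAL_BYTES:
            return False, "declared size over limit"
        if declared > MAX_RATIO * len(data):
            return False, "compression ratio over limit"
        # Decompress in chunks against a byte budget, so memory stays bounded
        # and corrupt or unsupported members are rejected before storage.
        produced = 0
        try:
            for info in infos:
                with zf.open(info) as member:
                    while chunk := member.read(CHUNK):
                        produced += len(chunk)
                        if produced > MAX_TOTAL_BYTES:
                            return False, "actual size over limit"
        except (zipfile.BadZipFile, zlib.error, RuntimeError, NotImplementedError):
            return False, "unreadable member"
    return True, "ok"

def make_zip(name: str, payload: bytes) -> bytes:
    """Build a constructed sample archive in memory (test input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()
```

Nested archives are not inspected here; the same check should be applied to any archive extracted from an accepted upload.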