Many websites allow users to upload a profile photo. Educational institutes and universities may also accept resumes and educational documents, and banking websites may accept address proofs, identity proofs, financial documents, etc. Such file upload fields should accept only .png, .jpg, .docx, or .pdf files, depending on what type of file is expected.
However, when security measures are lacking, an attacker can sometimes upload malicious files such as .js, .php, .exe, etc. Double extensions such as filename.exe.pdf or filename.php.docx are another route: the attacker fools the system by appending the expected extension to a malicious script and succeeds in uploading the file. If a user is able to upload any file type other than the required extensions, it is listed as a Vulnerable File Upload Vulnerability.
This matters because, if restrictions are weak, attackers can upload malicious files (e.g., .php, .exe, double extensions), gain backend/server access, steal or manipulate data, or crash the system.
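One way to enforce the restriction described above, as an added example that is not code from the original page: a Python check that accepts only the four expected extensions, rejects any name with more than one dot (so filename.exe.pdf and filename.php.docx fail), and compares the file's leading bytes with the format's signature. The function name, the strict one-dot rule, the signature table and the sample inputs are assumptions made for illustration.

```python
import os
import uuid

# Allowlist built from the extensions the page names. The signatures are the
# well-known leading bytes of each format (a .docx file is a ZIP container).
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".pdf": (b"%PDF-",),
    ".docx": (b"PK\x03\x04",),
}


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (True, stored_name) or (False, reason) for one uploaded file."""
    # Discard any client-supplied directory part before looking at the name.
    base = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in base:
        return False, "null byte in filename"
    parts = base.split(".")
    # Exactly one dot: "name.ext". Rejects "a.php.docx", "a.exe.pdf", ".pdf".
    if len(parts) != 2 or not parts[0]:
        return False, "filename must have exactly one extension"
    ext = "." + parts[1].lower()
    if ext not in ALLOWED:
        return False, f"extension {ext} not allowed"
    # The extension alone is attacker-controlled, so check the content too.
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension"
    # Store under a server-generated name; the client never chooses the path.
    return True, uuid.uuid4().hex + ext


if __name__ == "__main__":
    # Constructed sample uploads, not taken from the page.
    samples = [
        ("photo.png", b"\x89PNG\r\n\x1a\n\x00\x00"),
        ("filename.php.docx", b"PK\x03\x04"),
        ("filename.exe.pdf", b"%PDF-1.7"),
        ("cv.pdf", b"<?php echo 1; ?>"),
    ]
    for name, body in samples:
        print(name, validate_upload(name, body))
```

The signature check only confirms the first bytes, so accepted files should still be stored outside the web root and served with an explicit content type.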
Content Sniffing
Certain browsers try to determine the content type and encoding of the response even when these properties are defined correctly...