IV97281: Malicious file uploads by bypassing JavaScript validation


Malicious file uploads are possible by bypassing the JavaScript validation, even after the appropriate properties are set to restrict EXE files.

Moving forward, we resolved an issue where malicious files can be uploaded via document upload by bypassing the client side validation.

[Admin: This post is related to the 01.25.16 post and 07.18.15 post about restricting the upload of certain file types. To see other related posts, use the Vulnerability tag or CVE tag.]

Continue reading

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s