You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello,
While trying the tool, I find that the uploading file functionality relies on using the user-provided filename extension which could be a security issue as described in CWE-646: Reliance on File Name or Extension of Externally-Supplied File.
Attacker could obfuscate the file name extension and drop malicious code on the server for the further attack.
Thanks for reading.
The text was updated successfully, but these errors were encountered:
Hello,
While trying the tool, I find that the uploading file functionality relies on using the user-provided filename extension which could be a security issue as described in CWE-646: Reliance on File Name or Extension of Externally-Supplied File.
Attacker could obfuscate the file name extension and drop malicious code on the server for the further attack.
Thanks for reading.
The text was updated successfully, but these errors were encountered: