Sunday 05 July 2026 16:26:14 GMT+02:00


WIKICROOK

Arbitrary File Upload

A flaw that lets an attacker place chosen files on a server, sometimes including malicious scripts.

An arbitrary file upload flaw lets an attacker submit a file of their choosing to a server instead of a safe, expected file type. The uploaded content may be an image, document, or, in a dangerous case, a script such as PHP, ASP, or JSP.

This matters because file upload is often a path to deeper compromise. If the server stores the file in a web-accessible location and allows execution, the attacker may turn the upload into remote code execution, a webshell, defacement, or persistence. Even when code execution is blocked, uploaded files can still enable phishing pages, malware hosting, or disk exhaustion. Defenders reduce risk by enforcing strict file type validation, renaming files, storing uploads outside the web root, disabling script execution in upload directories, and reviewing logs for suspicious upload requests and unexpected file extensions.
