Hi,
When I try the product, I find that it is easy to bypass the file type restriction on the uploading functionality. The issue is CWE-646: Reliance on File Name or Extension of Externally-Supplied File.
You could rename any file with the extension types presented in here to bypass the limitation. Only checking the extension suffix in the filename is not enough; using the magic number to check would be a better approach.
Thanks for your time reading.