DEV Community

FakeStandard

Often Misused: File Upload (11503): Check the File Extension During Upload

After performing a source code vulnerability scan on the website, the report indicated the issue "Often Misused: File Upload (11503)." To fix this vulnerability, the frontend must validate the file extension.

<input name="file" type="file" accept=".jpg" />

The backend must validate the file extension as well. The report pointed out that the scanning tool bypassed the frontend check and uploaded a .exe file directly to the server.
This issue is not a big deal and is easy to fix: check the file extension on the backend and reject any file that does not match.

using System;
using System.IO;

// Take the extension from the client-supplied file name and reject anything other than .jpg.
// The comparison is case-insensitive so that ".JPG" is treated the same as ".jpg".
string extension = Path.GetExtension(file.FileName);

if (!string.Equals(extension, ".jpg", StringComparison.OrdinalIgnoreCase))
{
    throw new Exception("Uploading a file with a disallowed extension.");
}

With that, the vulnerability is considered fixed. Job done☑️
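The following is an added example, not the author's code: a small helper that goes one step beyond the check above by allow-listing the extension case-insensitively, using only the final segment of the client-supplied file name, and confirming that the content actually starts with JPEG signature bytes. It assumes the file name and content stream come from the upload API in use (for ASP.NET Core, `IFormFile.FileName` and `IFormFile.OpenReadStream()`); the `UploadValidator` class and its sample inputs are constructed for this illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

// Hypothetical helper (added example): allow-lists the extension and also
// checks the first bytes of the content, since the extension alone only
// reflects what the client claims the file is.
public static class UploadValidator
{
    // Permitted extensions, compared case-insensitively so ".JPG" is accepted too.
    private static readonly HashSet<string> AllowedExtensions =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { ".jpg", ".jpeg" };
    // A JPEG file starts with the SOI marker FF D8 followed by FF.
    private static readonly byte[] JpegMagic = { 0xFF, 0xD8, 0xFF };

    public static bool IsAllowed(string fileName, Stream content, out string reason)
    {
        // The client controls the file name, so keep only its final path segment.
        string safeName = Path.GetFileName(fileName ?? string.Empty);
        string extension = Path.GetExtension(safeName);

        if (!AllowedExtensions.Contains(extension))
        {
            reason = $"extension '{extension}' is not allowed";
            return false;
        }

        // Compare the leading bytes of the content with the JPEG signature.
        byte[] header = new byte[JpegMagic.Length];
        int read = content.Read(header, 0, header.Length);
        if (read < JpegMagic.Length || !header.AsSpan().SequenceEqual(JpegMagic))
        {
            reason = "content does not start with a JPEG signature";
            return false;
        }

        reason = "ok";
        return true;
    }

    public static void Main()
    {
        // Constructed sample inputs, not real uploads: a JPEG header and an MZ (exe) header.
        byte[] jpeg = { 0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10 };
        byte[] exe = { 0x4D, 0x5A, 0x90, 0x00 };
        Console.WriteLine(IsAllowed("photo.JPG", new MemoryStream(jpeg), out var r1) + ": " + r1);
        Console.WriteLine(IsAllowed("tool.exe", new MemoryStream(exe), out var r2) + ": " + r2);
        Console.WriteLine(IsAllowed("tool.jpg", new MemoryStream(exe), out var r3) + ": " + r3);
    }
}
```

The third call shows why the content check matters: a file renamed to `tool.jpg` passes the extension test but is still rejected because its bytes do not match a JPEG.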


Thanks for reading the article

If you like it, please don't hesitate to click the heart button ❤️
or follow my GitHub. I'd appreciate it.
