After running a source code vulnerability scan on the website, the report flagged the finding "Often Misused: File Upload (11503)." The first part of the fix is to restrict the file type on the frontend, using the `accept` attribute of the file input so the browser's file picker defaults to the allowed extension:
<input name="file" type="file" accept=".jpg" />
The `accept` attribute is only a usability hint, though: anything enforced in the browser can be bypassed by an attacker who crafts the request directly. The report made exactly this point, noting that the scanning tool skipped the frontend check and uploaded a .exe file straight to the server. So the backend must validate the file extension as well.
This part of the fix is straightforward: check the extension of the uploaded file on the backend against an allowlist and reject anything that does not match. The comparison should be case-insensitive, otherwise a legitimate `photo.JPG` is rejected while the check still offers no more protection.
// Path.GetExtension returns the last extension including the dot (".jpg"),
// or an empty string when the name has none.
string extension = Path.GetExtension(file.FileName);
// Compare case-insensitively so "photo.JPG" is accepted, and reject anything
// that is not exactly the allowed extension (an empty extension included).
if (!string.Equals(extension, ".jpg", StringComparison.OrdinalIgnoreCase))
{
throw new InvalidOperationException("Uploading a file with a disallowed extension.");
}
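The extension check above only looks at the file name, so a renamed executable (`malware.exe` saved as `malware.jpg`) still passes. The following is an added example, not code from the original post, showing the fuller server-side validation I would write for a JPEG-only upload: an allowlist of extensions compared case-insensitively, a size limit, a check of the leading bytes against the JPEG signature (FF D8 FF), and a server-generated file name so the client-supplied name is never used on disk. The class and method names, the 5 MiB limit, and the assumption that the caller passes a seekable stream (as `IFormFile.OpenReadStream()` returns in ASP.NET Core) are all assumptions made for this illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

// Added example (not the original post's code): server-side upload validation
// that goes beyond a single extension comparison. The names, the JPEG-only
// policy and the size limit are assumptions for illustration.
public static class UploadValidator
{
    // Allowlist of permitted extensions, compared case-insensitively so that
    // "photo.JPG" and "photo.Jpg" are treated the same as "photo.jpg".
    private static readonly HashSet<string> AllowedExtensions =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { ".jpg", ".jpeg" };

    // JPEG files start with the SOI marker FF D8 FF. Checking the leading bytes
    // catches an .exe renamed to .jpg, which an extension check alone does not.
    private static readonly byte[] JpegMagic = { 0xFF, 0xD8, 0xFF };

    private const long MaxBytes = 5 * 1024 * 1024; // assumed limit: 5 MiB

    // Validates the upload and returns the name to store it under on the server.
    // Throws InvalidOperationException when the upload must be rejected.
    // 'content' is assumed to be a seekable stream positioned at the start.
    public static string ValidateAndRename(string clientFileName, Stream content)
    {
        if (string.IsNullOrWhiteSpace(clientFileName))
            throw new ArgumentException("Missing file name.", nameof(clientFileName));

        // Path.GetFileName strips any directory part the client may have sent
        // (e.g. "../../web.config"), so only the leaf name is inspected.
        string leaf = Path.GetFileName(clientFileName);
        string extension = Path.GetExtension(leaf);

        if (!AllowedExtensions.Contains(extension))
            throw new InvalidOperationException("Uploading a file with a disallowed extension.");

        if (content.Length == 0 || content.Length > MaxBytes)
            throw new InvalidOperationException("File size out of range.");

        // Read the first bytes and compare them against the JPEG signature.
        byte[] header = new byte[JpegMagic.Length];
        int read = content.Read(header, 0, header.Length);
        content.Position = 0; // rewind so the caller can still save the stream
        if (read < JpegMagic.Length || !header.AsSpan().SequenceEqual(JpegMagic))
            throw new InvalidOperationException("File content is not a JPEG.");

        // Never store under the client-supplied name: pick a random name with a
        // fixed, known-safe extension, and save it outside the web root.
        return Guid.NewGuid().ToString("N") + ".jpg";
    }
}
```

In an ASP.NET Core controller this would be called as `var safeName = UploadValidator.ValidateAndRename(file.FileName, file.OpenReadStream());` before the stream is written to disk. The signature check is deliberately minimal (only the SOI marker); if the application needs to be sure the file is a well-formed image, decoding it with an image library and re-encoding the result is the stronger option, since that also strips any payload hidden after the image data.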
With that, the reported finding is addressed: the extension is enforced on the server where the client cannot bypass it. Job done☑️
Thanks for reading the article!
If you liked it, please don't hesitate to click the heart button ❤️
or follow my GitHub. I'd appreciate it.