Hello all,
I've got an ASP.NET 2.0 website running, and one of my web folders needs to be shared (read + write, not execute) for the web user and the ASPNET user, because I have a module which allows users to upload their images (only image files are allowed).
Users can touch that folder by using a web form to upload their images. That form checks and validates all the input data from the user carefully using [FileField].PostedFile.ContentType; I think this command will get the correct file type and prevent the "file has multiple extensions" exploit.
But one day I found some files in that folder which are not image types (there are some script files in that folder). I checked the web form many times and I'm pretty sure that the problem is not coming from the upload form.
Could somebody please give me a clue about this type of hacking? I'm using ASP.NET 2.0 (with the AJAX extensions from Microsoft), SQL 2005 and IIS 6 on Windows 2003 (auto-update every day).
Thanks in advance,
Spidervn
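A note on the check described in the post: HttpPostedFile.ContentType is copied from the Content-Type header of the multipart part the browser sends, so it is under the uploader's control and says nothing about what the bytes actually are. Below is an added example (not code from the original post; the ImageUploadValidator class and its method names are hypothetical) of an ASP.NET 2.0-compatible check that ignores ContentType, requires the extension to be on an allowlist, verifies the file's leading bytes against the signature for that extension, and stores the file under a server-generated name:

```csharp
using System;
using System.IO;
using System.Web;

// Hypothetical helper class for validating image uploads; not from the original post.
public static class ImageUploadValidator
{
    // Leading bytes ("magic numbers") that each allowed image type must start with.
    private static readonly byte[] Jpeg  = { 0xFF, 0xD8, 0xFF };
    private static readonly byte[] Png   = { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A };
    private static readonly byte[] Gif87 = { 0x47, 0x49, 0x46, 0x38, 0x37, 0x61 }; // "GIF87a"
    private static readonly byte[] Gif89 = { 0x47, 0x49, 0x46, 0x38, 0x39, 0x61 }; // "GIF89a"

    // True only if the last extension is allowlisted AND the content starts with the
    // matching signature. file.ContentType is deliberately never consulted.
    public static bool LooksLikeImage(HttpPostedFile file, out string ext)
    {
        ext = Path.GetExtension(file.FileName ?? "").ToLowerInvariant();
        if (file.ContentLength <= 0) return false;
        byte[] head = new byte[8];
        file.InputStream.Position = 0;
        int n = file.InputStream.Read(head, 0, head.Length);
        file.InputStream.Position = 0;
        switch (ext)
        {
            case ".jpg":
            case ".jpeg": return StartsWith(head, n, Jpeg);
            case ".png":  return StartsWith(head, n, Png);
            case ".gif":  return StartsWith(head, n, Gif87) || StartsWith(head, n, Gif89);
            default:      return false; // e.g. "photo.jpg.aspx" ends in ".aspx" and is rejected
        }
    }

    private static bool StartsWith(byte[] buf, int len, byte[] sig)
    {
        if (len < sig.Length) return false;
        for (int i = 0; i < sig.Length; i++) if (buf[i] != sig[i]) return false;
        return true;
    }

    // Saves under a random server-chosen name so the client-supplied filename never reaches disk.
    public static string SaveToUploadFolder(HttpPostedFile file, string folder)
    {
        string ext;
        if (!LooksLikeImage(file, out ext))
            throw new InvalidOperationException("Upload is not an allowed image type");
        string target = Path.Combine(folder, Guid.NewGuid().ToString("N") + ext);
        file.SaveAs(target);
        return target;
    }
}
```

Keep script execution disabled on the upload folder as the post already describes, so that anything that does slip past the check is served as data rather than run by the server.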

