Web folder sharing (read+write)

Discuss how to write good code, break bad code, your current pet projects, or the best way to approach novel problems

Web folder sharing (read+write)

Post by spidervn on Wed May 21, 2008 8:47 pm
([msg=2983]see Web folder sharing (read+write)[/msg])

Hello all,

I've got a ASP.NET 2.0 website running and one of my web folder need to be shared (read + write, not execute) for webuser and ASPNET user, cause I have a module which allow the user to upload their images (only allow image file).

The user can touch that folder by using a web form to upload their images. That form will check and validate all the input data from user carefully using [FileField].PostedFile.ContentType, I think this command will get the correct file type, prevent the exploit: "file have multiple extension".

But one day, I found some files on that folder which are not image type (there're some script file on that folder), I check the web form many times and I'm pretty sure that the problem is not comming from the upload form.

Could some body please give me a clue about this type of hacking. I'm using ASP.NET 2.0 (with AJAX extension from Microsoft), SQL 2005 and IIS 6 on the Windows2003 (Autoupdate eveyday).

Thanks in advance,
Spidervn
spidervn
New User
New User
 
Posts: 1
Joined: Wed May 21, 2008 8:16 pm
Blog: View Blog (0)


Return to Programming

Who is online

Users browsing this forum: No registered users and 0 guests