Hacksplaining

File Upload Vulnerabilities

Firstly, uploaded files do not get renamed as part of the upload process. The file name appears in the URL of the profile image when it is published.
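The naming behaviour described above, next to a handler that renames on upload, as an added example that is not Hacksplaining's code. The function names, the `/static/profile/` URL layout and the accepted image types are assumptions made for illustration.

```python
import secrets

# Leading bytes of the image formats this constructed profile-picture
# handler accepts (assumed allow-list, not taken from the lesson).
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}


def stored_name_as_described(client_filename: str) -> str:
    """Behaviour the lesson describes: the client's file name is kept as-is."""
    return client_filename


def stored_name_renamed(data: bytes) -> str:
    """Server-chosen name: random stem, extension taken from the content.

    The client-supplied file name is not an input at all, so nothing the
    uploader typed can reach the published URL.
    """
    for magic, ext in SIGNATURES.items():
        if data.startswith(magic):
            return secrets.token_hex(16) + ext
    raise ValueError("upload is not a recognised image type")


def profile_image_url(stored_name: str) -> str:
    # URL layout is an assumption for this example.
    return "/static/profile/" + stored_name


if __name__ == "__main__":
    # Constructed sample upload: PNG signature followed by filler bytes.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    print(profile_image_url(stored_name_as_described("user-chosen-name.png")))
    print(profile_image_url(stored_name_renamed(png)))
```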


© 2026 Hacksplaining Inc. All rights reserved. Questions? Email us at support@hacksplaining.com