Application Security, Technology
During a recent penetration test on one of our client's application, we came across a case of malicious file propagation through the application server. The attack does not require an authenticated session. The vulnerable section is accessible by unauthenticated users. The attack involves an attacker submitting a malicious request (a...
We often need to upload a file without refreshing page or even before user submits the complete form. We have been using flash uploaders or i-frames to achieve that. However now it is possible to upload a file using only ajax and javascript. The first thing we need is a HTML form that will allow the user to select the file that they...
I had two applications that communicate with each other through web-services. There I had a requirement to send multi-part file from one application to another. After searching I came out with the following solution and thought to share: [java] import org.apache.http.entity.mime.MultipartEntity import...
Lets discuss how can we upload a file and store it in a database, along with that how do we render it on the gsp page. I am taking an example to upload and render the image in this blog, though the code would be same for any other file. So Lets consider I have a domain class with the name Person class Person { . ...