Application Security, Technology
During a recent penetration test on one of our client’s applications, we came across a case of malicious file propagation through the application server. The attack does not require an authenticated session. The vulnerable section is accessible by unauthenticated users. The attack involves an attacker submitting a malicious request (a malicious file is uploaded by […]
We often need to upload a file without refreshing the page, or even before the user submits the complete form. We have been using Flash uploaders or iframes to achieve that. However, it is now possible to upload a file using only AJAX and JavaScript. The first thing we need is an HTML form that will allow […]
I had two applications that communicate with each other through web services. There I had a requirement to send a multipart file from one application to another. After searching, I came up with the following solution and thought to share: [java] import org.apache.http.entity.mime.MultipartEntity import org.apache.http.entity.mime.HttpMultipartMode import org.apache.http.entity.mime.content.InputStreamBody import org.apache.http.entity.mime.content.StringBody import groovyx.net.http.* void sendMultiPartFile(CommonsMultipartFile multipartImageFile, String cityName) { […]
Let's discuss how we can upload a file and store it in a database, and how we render it on the GSP page. I am taking an example to upload and render an image in this blog, though the code would be the same for any other file. So let's consider I have a […]