Application Security, Technology

Malicious exploitation of Unauthenticated Request submissions

During a recent penetration test on one of our clients' applications, we came across a case of malicious file propagation through the application server. The attack does not require an authenticated session. The vulnerable section is accessible by unauthenticated users. The attack involves an attacker submitting a malicious request (a...

by Ankit Giri
Tag: file upload


Uploading a file using only Ajax

We often need to upload a file without refreshing the page or even before the user submits the complete form. We have been using Flash uploaders or iframes to achieve that. However, it is now possible to upload a file using only Ajax and JavaScript. The first thing we need is an HTML form that will allow the user to select the file that they...

by Mansi Arora
Tag: file upload


Groovy HTTP builder for sending multipart file.

I had two applications that communicate with each other through web services. There I had a requirement to send a multipart file from one application to another. After searching, I came up with the following solution and thought I would share it: [java] import org.apache.http.entity.mime.MultipartEntity import...

by Divya Setia
Tag: file upload


Grails : Upload and Render File

Let's discuss how we can upload a file and store it in a database, and along with that, how we render it on the GSP page. I am taking an example of uploading and rendering an image in this blog, though the code would be the same for any other file. So let's consider I have a domain class with the name Person class Person { . ...

by Amit Jain
Tag: file upload