Latest commit

012d4ec · Mar 20, 2022

23 lines (12 loc) · 704 Bytes

vulnerable-code-58.md

SecurityExplained S-79: Vulnerable Code Snippet - 58

Vulnerable Code:

Vulnerable Code

Solution:

This code is vulnerable to an open redirection attack.
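As an added example (not the snippet from the original page and not SonarSource's code), one way to close an open redirect is to accept only same-origin, path-absolute targets and fall back to a fixed page otherwise. `APP_ORIGIN`, `safeRedirectTarget`, `handleRedirect`, the `next` parameter and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: validate a user-supplied redirect target before using it.
// APP_ORIGIN and all function/parameter names are hypothetical.
const APP_ORIGIN = "https://app.example";

function safeRedirectTarget(raw, fallback = "/") {
  if (typeof raw !== "string" || raw.length === 0) return fallback;

  // Reject control characters and backslashes: URL parsers strip tabs and
  // newlines, and treat "\" like "/" in http(s) URLs, which can turn an
  // apparently local path into a reference to another host.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;

  // Accept only path-absolute references: exactly one leading "/".
  // "//host/path" is scheme-relative and would leave the site.
  if (!raw.startsWith("/") || raw.startsWith("//")) return fallback;

  let url;
  try {
    url = new URL(raw, APP_ORIGIN); // resolve against our own origin
  } catch {
    return fallback;
  }

  // Defense in depth: the resolved URL must still be on our origin.
  if (url.origin !== APP_ORIGIN) return fallback;

  // Return the normalized local part only, never the raw input.
  return url.pathname + url.search + url.hash;
}

// Framework-agnostic handler: returns the response the server should send.
// The vulnerable form would place query.next in `location` unchecked.
function handleRedirect(query) {
  return { status: 302, location: safeRedirectTarget(query.next) };
}
```
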

These minimum restrictions should be applied when handling file uploads:

- the file upload folder, to restrict untrusted files to a specific folder.
- the file extension of the uploaded file, to prevent remote code execution.

Also, the size of the uploaded file should be limited to prevent denial of service attacks.

Reference: https://rules.sonarsource.com/javascript/type/Vulnerability/RSPEC-5146

Twitter Thread: https://twitter.com/harshbothra_/status/1505392450499584003

Code Credits: @SonarSource