File Upload Bypass

Severity: Critical | CWE: CWE-434
OWASP: A03:2021 – Injection / A04:2021 – Insecure Design

What Is File Upload Bypass?

File upload vulnerabilities occur when an application accepts user-uploaded files without adequate validation, allowing attackers to upload and execute malicious code or access sensitive files. The attack impact scales from stored XSS to full server compromise depending on execution context.

Attack chain: Upload Vector → Bypass Filter → Store File → Trigger Execution
  Upload Vector: multipart, PUT API, avatar, import
  Bypass Filter: extension, MIME type, content sig, size
  Store File: web root, readable path, predictable
  Trigger Execution: direct access, LFI include, image proc, PHAR trigger

Discovery Checklist

Phase 1 — Enumeration ...

February 24, 2026 · 8 min · MrAzoth

XXE via Binary Formats (DOCX, XLSX, SVG, ODT)

Severity: High–Critical | CWE: CWE-611
OWASP: A05:2021 – Security Misconfiguration

What Is XXE via Binary Formats?

XML External Entity injection isn’t limited to endpoints that explicitly accept XML. Many modern file formats are ZIP archives containing XML files — Office Open XML (DOCX, XLSX, PPTX), OpenDocument (ODT, ODS), EPUB, JAR/WAR — and are processed server-side by import features, preview generators, or document converters. Any of these can trigger XXE if the server-side XML parser has external entities enabled. ...

February 24, 2026 · 7 min · MrAzoth

Zip Slip / Archive Path Traversal

Severity: Critical | CWE: CWE-22, CWE-434
OWASP: A04:2021 – Insecure Design

What Is Zip Slip?

Zip Slip is a directory traversal vulnerability in archive extraction logic. When an archive contains a file with a path like ../../webroot/shell.php, insecure extraction code writes the file outside the intended target directory — overwriting arbitrary files and enabling RCE via webshell drop.

Affected archive formats: ZIP, TAR, GZ, TAR.GZ, BZ2, TGZ, AR, CAB, RPM, 7Z, WAR, EAR, JAR (any format that supports subdirectories in file entries). ...

February 24, 2026 · 6 min · MrAzoth