File Handeling

1. Path Traversal:

   • What: Attackers use filenames like ../../etc/passwd to access restricted files outside the intended directory.

   • Example: Accessing system files (e.g., passwords) by tricking the app into navigating up folder levels.

2. Null Byte Injection:

   • What: Adding %00 (null byte) to filenames to bypass validation (e.g., malicious.php%00.jpg becomes malicious.php).

   • Example: Disguising executable code as an image file.

3. Improper Resource Handling:

   • What: Failing to close files properly, leading to resource leaks and denial-of-service (DoS) attacks.

   • Example: Crashing the server by flooding it with open files due to unclosed streams.

Key Fixes: Validate filenames, strip null bytes, and ensure resources are closed after use.

1. Upload of dangerous Content

   • upload of files that can execute a harmful script on the server or after on the client after downloading it -> check content of files

2. Ability to overwrite files

   • through file path injection

3. Quota Overload DoS:

   • Upload huge amounts of data leading to denial of service because consuming all the storage -> e.g. zip-bombs.