@larsencyber
  • Home
  • About
  • Blog
  • Presentations
  • Knowledgebase
  • Contact
  • Chat to me on LinkedIn
Chat to me on LinkedIn
  • About Me
  • Blog
    • Black Hat USA 2024: From Doxing to Doorstep - Exposing Privacy Intrusion Techniques used by Hackers for Extortion
    • Black Hat USA 2024: Interviews with Extorters 'Ego' and 'Reiko'
    • Crabby's Credential Stuffing: Australian Account Takeovers in 2024
    • How to Rapidly Progress your Cyber Security Career
    • Preparing for the Offensive Security Certified Practitioner (OSCP) on a Budget
    • Study & Exam Guide for the Burp Suite Certified Practitioner (BSCP)
    • Bolstering Your Incident Response Capability Using Tabletop Exercises
    • Answering "How do I get my first role in Cyber Security?"
    • Performing Re-Entrancy Attacks on the Ethereum Blockchain
    • Building a Cyber Resilient Future
    • Twitter Hack: Lessons learned and why it could have been worse
    • How to pass the Certified Informations Systems Security Professional (CISSP) from scratch
  • Contact Me
  • Knowledgebase
    • External Penetration Test
      • 1. Enumeration
        • 1. Passive
          • Validate Scope Ownership
          • Open Source Intelligence
          • Web Technology
          • Subdomains
          • Breached Credentials
          • Build Usernames List
          • File Metadata
          • Typosquatting
          • Cloud Resources
          • Code Repos
        • 2. Active
          • Port Scanning
          • Directory Fuzzing
          • Login Portals
          • Username Enumeration
      • 2. Vulnerability Scanning
        • Nessus
      • 3. Attacking Login Portals
        • Active Directory
        • Other Logins
      • 4. Vulnerability Exploitation
      • 5. Post-Exploitation
        • Demonstrate Impact
        • Domain Join Device
        • Export Global Address List
    • Web App Penetration Test
      • 1. Enumeration
        • Network Layer Services
        • Application Layer Services
        • Application Functionality
      • 2. Web Attacks
        • Exploitation of Vulnerable Services
        • Broken Access Controls
        • Cross-Site Scripting (XSS)
        • Insecure File Upload
        • Cross Origin Resource Sharing (CORS)
        • CSV/XLSX Formula Injection
  • Presentations, Publications & Podcasts
    • How Hackers Use Emergency Data Requests to Steal User Data
    • Mega money, unfathomable violence pervade thriving underground doxxing scene
    • Inside the Dark World of Doxing for Profit
    • Black Hat USA 2024: From Doxing to Doorstep
    • Crabby's Credential Stuffing: Australian Account Takeovers in 2024
    • Catching up with Jacob, Penetration Testing Lead
    • Bolstering Your Incident Response Capability Using Tabletop Exercises
    • Cyber Security, Career Development, Networking, Leadership and GRC
    • Analysis of Real Cybercrime Operators
    • Performing Re-Entrancy Attacks on the Ethereum Blockchain
    • Building a Cyber Resilient Future
  • External Penetration Test
    • 1. Enumeration
      • 1. Passive
        • Validate Scope Ownership
        • Open Source Intelligence
        • Web Technology
        • Subdomains
        • Breached Credentials
        • Build Usernames List
        • File Metadata
        • Typosquatting
        • Cloud Resources
        • Code Repos
      • 2. Active
        • Port Scanning
        • Directory Fuzzing
        • Login Portals
        • Username Enumeration
    • 2. Vulnerability Scanning
      • Nessus
    • 3. Attacking Login Portals
      • Active Directory
      • Other Logins
    • 4. Vulnerability Exploitation
    • 5. Post-Exploitation
      • Demonstrate Impact
      • Domain Join Device
      • Export Global Address List
  • Web App Penetration Test
    • 1. Enumeration
      • Network Layer Services
      • Application Layer Services
      • Application Functionality
    • 2. Web Attacks
      • Exploitation of Vulnerable Services
      • Broken Access Controls
      • Cross-Site Scripting (XSS)
      • Insecure File Upload
      • Cross Origin Resource Sharing (CORS)
      • CSV/XLSX Formula Injection
Knowledgebase
Web App Penetration Test
2. Web Attacks
Insecure File Upload

Insecure File Upload

Work in progress.

Last updated on May 1, 2024
← Cross-Site Scripting (XSS)
Cross Origin Resource Sharing (CORS) →

© 2024 Jacob Larsen.

Published with Hugo Blox Builder — the free, open source website builder that empowers creators.