Potential Security Hole

2 posts, 0 answers
  1. browniepoints
    browniepoints avatar
    9 posts
    Member since:
    Aug 2009

    Posted 10 Apr 2010 Link to this post

    If you're using the upload component, please make sure that the folder you use for uploading (if it's underneath your application) does not have execute or execute script privileges. Otherwise, a user can upload an aspx file and execute it as part of your app.
  2. browniepoints
    browniepoints avatar
    9 posts
    Member since:
    Aug 2009

    Posted 10 Apr 2010 Link to this post

    BTW this isn't a risk with only the Telerik upload component but it should be considered whenever you accept uploads into your software.
  3. DevCraft banner
Back to Top