26 Feb 2008
The Downside of Uploads
Any site that allows users to upload files clearly needs to be careful, but even some fairly savvy developers seem to underestimate the dangers, thinking they’re OK as long as they only allow simple static files such as images.
Content-Disposition: attachment header, although it seems it may be possible to bypass that, and HTML files are still unsafe).
Microsoft seems to think MIME sniffing is still essential to cope with poorly-configured servers, and so is willing to tolerate the side-effects (we wouldn’t want anyone to break into a sweat at the thought of actually fixing their systems, would we?).
It’s not just IE that causes extra problems (e.g. images can contain Flash policy files, and PDF has had its issues), and I still notice scripts that don’t even validate the file’s details properly in the first place (e.g. they check the MIME type then trust the filename). If you’ve got a site that accepts uploads, take some time to check your code and investigate the exploits, as it’s easy to miss fiendish details.
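The "check the MIME type then trust the filename" mistake described above, next to a stricter handler, as an added example that is not code from the original post. The function names, the allow-list and the sample uploads are constructed for illustration; the stricter handler ignores both client-supplied values and chooses the stored name and the response headers itself.

```python
import secrets

# Allow-list: leading magic bytes -> (extension, Content-Type) chosen by the server.
ALLOWED = {
    b"\x89PNG\r\n\x1a\n": ("png", "image/png"),
    b"\xff\xd8\xff": ("jpg", "image/jpeg"),
    b"GIF87a": ("gif", "image/gif"),
    b"GIF89a": ("gif", "image/gif"),
}


def naive_accept(client_mime, client_filename, data):
    """The flawed pattern: check the client's MIME type, then trust its filename."""
    if client_mime not in ("image/png", "image/jpeg", "image/gif"):
        return None
    return client_filename  # client-controlled name and extension reach storage


def strict_accept(client_mime, client_filename, data):
    """Ignore both client-supplied values; derive everything from the bytes."""
    for magic, (ext, ctype) in ALLOWED.items():
        if data.startswith(magic):
            stored_name = f"{secrets.token_hex(16)}.{ext}"  # server-generated name
            headers = {
                "Content-Type": ctype,
                "Content-Disposition": f'attachment; filename="{stored_name}"',
                "X-Content-Type-Options": "nosniff",
            }
            return stored_name, headers
    return None  # not on the allow-list: reject


# Constructed sample uploads (not real traffic): (claimed MIME, claimed name, bytes).
SAMPLES = [
    ("image/png", "avatar.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ("image/gif", "page.html", b"<html><body>not an image</body></html>"),
    ("image/jpeg", "photo.jpg", b"GIF89a" + b"\x00" * 16),
]

if __name__ == "__main__":
    for mime, name, data in SAMPLES:
        print(name, "| naive:", naive_accept(mime, name, data),
              "| strict:", strict_accept(mime, name, data))
```

A matching signature does not prove the rest of the file is a clean image, which is why the handler also fixes the response headers rather than leaving the type to be sniffed.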