File Upload

File Upload¶

• Check MIME type
• Check Filenames
• Check

Windows Short Filenames¶

• Files in windows are case insensitive so only need canalization
• backup-082119f75623eb7abd7bf357698ff66c.sql will have a short name of BACKUP~1.SQL

IIS7¶

malicious.asp;.jpg