ZAP – File Upload

Details
Alert ID	40041
Alert Type	Active
Status	alpha
Risk	Medium
CWE
WASC
Technologies Targeted	All
Tags

Summary

File Upload scan rule is used to scan the vulnerabilities in the File Upload functionality of web applications.

Solution

Follow the suggestions mentioned in following links: 1. https://portswigger.net/kb/issues/00500980_file-upload-functionality 2. https://www.youtube.com/watch?v=CmF9sEyKZNo

Other Info

References

https://cwe.mitre.org/data/definitions/434.html

Code

org/sasanlabs/fileupload/FileUploadScanRule.java