insecure-file-upload
Official
Secure file uploads against malicious content.
Author: securityfortech
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill addresses the critical security vulnerability of insecure file uploads, preventing attackers from uploading malicious files that could lead to remote code execution, cross-site scripting, or other severe compromises.
Core Features & Use Cases
- Vulnerability Detection: Identifies common insecure file upload flaws like extension bypass, MIME type confusion, magic byte spoofing, and path traversal.
- Attack Scenario Testing: Provides methodologies to test for SVG XSS, XXE via Office documents, and ZIP slip vulnerabilities.
- Use Case: When testing a web application feature that allows users to upload profile pictures or documents, use this Skill to ensure that only legitimate files can be uploaded and that no malicious code can be embedded or executed.
Quick Start
Test the file upload endpoint at '/upload' for insecure file upload vulnerabilities.
Dependency Matrix
Required Modules
None required
Components
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: insecure-file-upload Download link: https://github.com/securityfortech/hacking-skills/archive/main.zip#insecure-file-upload Please download this .zip file, extract it, and install it in the .claude/skills/ directory.