File Upload Testing
... And more based on context
Blacklisted file formats?
White-listed file formats?
No size limit
Messages Information / Error / Warning
File uploaded without any errors - Success!
The file chosen exceeds maximum file size. Try again.
The uploaded file was only partially uploaded.
No file was uploaded
Failed to write file to server (Unknown)
File uploading was cancelled
File appears to be corrupt. Re-try!
Multi File Uploading: Some files failed to upload...
Approx. Time Remaining
Display file size that's already uploaded
If yes, try searching for open vulnerabilities on the web
Check the readme file for known bugs or bug fixes
Single File? Multiple File? Uploader
Upload *.jsp files and try executing them
Upload *.exe file (Malicious *.exe)
Upload *.html file which has XSS script
Upload Virus File
Upload file that has sensitive data of your enemy
Upload Huge Files (Denial of service)
Phishing Page Embedding Attack
Setting maximum file size
White-listing file formats
Implement File Type Recognizer
Remove special characters such as “;”, “:”, “>”, “<”, “/”, “\”, additional “.”, “*”, “%”, “$”, etc.
Accept Alphanumeric File names
Don't accept empty file names with no extension
Built-in virus scanner
Absolute pathname access should be restricted (Hash the file names on the server to avoid brute force download)
Use POST method instead of PUT
Prevent overwriting of file
Use client-side max file size attribute along with server-side check
Authorization & Permissions for downloading and uploading
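A server-side sketch of several of the mitigations listed above (maximum size, white-listed formats, a simple file type recognizer, alphanumeric names, hashed server-side names, no overwriting). It is an added example, not code from the original checklist; the size limit, the three allowed formats and the names store_upload and UploadRejected are assumptions chosen for illustration.

```python
import hashlib
import os
import re
import secrets
import tempfile

MAX_BYTES = 2 * 1024 * 1024  # assumed limit for this example
# Allow-list: extension -> leading magic bytes the content must start with.
ALLOWED = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
}
# Alphanumeric stem, exactly one dot, alphanumeric extension.
NAME_RE = re.compile(r"[A-Za-z0-9]{1,64}\.([A-Za-z0-9]{1,8})")


class UploadRejected(Exception):
    pass


def store_upload(client_name, data, upload_dir):
    """Validate an upload and write it under a server-chosen name."""
    if len(data) > MAX_BYTES:
        raise UploadRejected("file exceeds maximum size")
    m = NAME_RE.fullmatch(client_name)
    if not m:
        raise UploadRejected("file name must be alphanumeric with one extension")
    ext = m.group(1).lower()
    magic = ALLOWED.get(ext)
    if magic is None:
        raise UploadRejected("file format not allowed")
    if not data.startswith(magic):
        raise UploadRejected("content does not match extension")
    # Server-side name: hash of random salt + content, so it cannot be guessed.
    digest = hashlib.sha256(secrets.token_bytes(16) + data).hexdigest()
    path = os.path.join(upload_dir, digest + "." + ext)
    # O_EXCL refuses to overwrite an existing file.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        # Constructed sample input, not a real PDF.
        print(store_upload("report.pdf", b"%PDF-1.7 constructed sample", d))
```

Virus scanning and authorization checks from the list are not covered here and would run before the file is made available for download.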
Single File Upload
Multi File Upload
Drag and Drop File to Upload
Cancel Upload (Single File)
Cancel All (Multi File Upload)