Corrupted file upload - is it a vulnerability?

While testing file upload functionality in one of the programs, I found I was able to upload a corrupted file, though not necessarily a malicious one.

Does this qualify as a vulnerability? My opinion is that as long as it's not exploitable, it would only be a programming bug, not a vulnerability.

Opinions on this would be most welcome. Thank you.

Yes, I think we can call it a functional bug, and it's not a security issue. In the program, the developer should check the file extension before uploading a file. If the application is crashing or disclosing some sensitive SQL data after uploading a huge, unsupported file, then we have to think seriously about it security-wise.

Yes, I was thinking along the same lines but was not sure. Thank you for your reply 🙂

Checking the extension isn’t really all that useful. In fact, it could get you into even more trouble in some instances. Ideally, reading the binary header of the file and checking for a correct magic number should suffice – or just reading a few bytes and looking for a canary or sanity check probably would be safer.

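The magic-number check suggested in the last reply, as an added example that is not part of the original thread: a server-side validator that identifies an upload by its leading bytes, compares that with the claimed extension, and for PNG goes one step further with a structural sanity check so a corrupted or truncated file with a valid header is still rejected. The function names, the accepted types and the sample PNG are assumptions made for the illustration.

```python
import struct
import zlib

# Magic numbers (leading bytes) of the types this constructed example accepts.
MAGIC = {"png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff", "pdf": b"%PDF-"}

def sniff(data):
    """Return the type whose magic number the content starts with, or None."""
    return next((k for k, m in MAGIC.items() if data.startswith(m)), None)

def png_structure(data):
    """Sanity check past the header: walk the chunks, checking length and CRC."""
    pos, first = len(MAGIC["png"]), True
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length  # 4 length + 4 type + data + 4 CRC
        if end > len(data):
            return "truncated chunk"
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(data[pos + 4:end - 4]) != crc:  # CRC covers type + data
            return "bad chunk CRC"
        if first and ctype != b"IHDR":
            return "first chunk is not IHDR"
        if ctype == b"IEND":
            return "ok" if end == len(data) else "data after IEND"
        pos, first = end, False
    return "no IEND chunk"

def validate_upload(filename, data):
    """Decide from the content; the file name is only compared against it."""
    kind = sniff(data)
    if kind is None:
        return "rejected: unknown type"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if {"jpeg": "jpg"}.get(ext, ext) != kind:
        return "rejected: extension does not match content"
    if kind == "png":
        why = png_structure(data)
        if why != "ok":
            return "rejected: corrupt png (" + why + ")"
    return "accepted: " + kind

def make_png():
    """Constructed sample input: a minimal, structurally valid 1x1 PNG."""
    def chunk(ctype, body):
        crc = struct.pack(">I", zlib.crc32(ctype + body))
        return struct.pack(">I", len(body)) + ctype + body + crc
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    return MAGIC["png"] + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b"")
```

Only the PNG branch looks beyond the header here; for the other types the verdict rests on the magic number alone, which confirms the claimed format but not that the rest of the file is intact.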