
While creating journals in Oracle Fusion SaaS, it allows a .PHP file, which is an executable file

Summary:

While creating journals in Oracle Fusion SaaS, it allows a .PHP file, which is an executable file

Observation:

During testing, it was observed that the tester was able to circumvent client-side filtering and upload files other than the allowed extensions into the web application.
The application allowed files with the extensions ".pdf", ".png", ".jpg", ".jpeg", ".tif", ".tiff", etc., as well as the ".php" extension.

Expected:

It is recommended to:
• Apply extension filtering to all upload functions in the entire application.
• Only permit extensions from the predetermined allowed list.
• Perform file type detection and reject any files that do not have the correct format of an expected file.
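
The three recommendations above can be combined in one server-side check. The following is an added example, not part of the original post and not Oracle code; the function name `validate_upload`, the signature table and the sample uploads are assumptions constructed for illustration, with the extension list taken from the post.

```python
import os

# Allowed extensions (from the post) mapped to the leading "magic" bytes
# that a genuine file of that type starts with.
ALLOWED = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".tif": (b"II*\x00", b"MM\x00*"),
    ".tiff": (b"II*\x00", b"MM\x00*"),
}


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Server-side check of one upload; returns (accepted, reason)."""
    # Keep only the final path component and refuse control characters
    # (including NUL) that can truncate or confuse later name handling.
    name = os.path.basename(filename.replace("\\", "/"))
    if not name or any(ord(c) < 32 for c in name):
        return False, "invalid file name"
    # Only the last extension counts, compared case-insensitively, so
    # "x.PHP", "x.php." and "x.php " all fall outside the allowed list.
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED:
        return False, f"extension {ext or '(none)'} not allowed"
    # File type detection: content must start with a signature for that type.
    if not data.startswith(ALLOWED[ext]):
        return False, f"content does not match {ext}"
    return True, "ok"


# Constructed sample uploads (name, first bytes of the body).
SAMPLES = [
    ("journal.pdf", b"%PDF-1.7\n"),
    ("scan.TIFF", b"II*\x00\x08\x00"),
    ("attachment.php", b"<?php ?>"),
    ("attachment.pdf", b"<?php ?>"),  # allowed name, wrong content
]

if __name__ == "__main__":
    for sample_name, body in SAMPLES:
        print(sample_name, validate_upload(sample_name, body))
```

A signature check does not catch files crafted to be valid in two formats at once, so uploads should also be stored where the server will never execute them.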
