What's the issue?
The subsection of WSTG-CONF-03 File Extensions Handling for Sensitive Information, File Upload, is ambiguous and has content overlapping with Test Upload of Malicious Files. From the test objective, the idea of this test case is to identify existing sensitive files in the web server via dirbusting.
However, the section "File Upload" talks about 8.3 file uploads, which looks more appropriate in WSTG-BUSL-09 or WSTG-BUSL-08. If the idea is to identify 8.3 files via dirbusting, I think the writeup should be modified to be more precise.
How do we solve it?
Rephrase or move the "File Upload" subsection to business logic testing. This is a minor change. I would like to wait for the thoughts of the moderators before making a PR.
Would you like to be assigned to this issue?
Check the box if you will submit a PR to fix this issue. Please read CONTRIBUTING.md.
Assign me, please!
Please comment if you are still working on this issue, as it has been inactive for 30 days. To give everyone a chance to contribute, we are releasing it to new contributors.
Please comment if you are still working on this issue, as it has been inactive for 90 days. To give everyone a chance to contribute, we are releasing it to new contributors.