Suppose we have a example.exe file.
we first put that file in a new folder
and then zip that folder with any zipping software,
Can we prevent that zipped folder upload in a website?
how can we do that?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
You cannot prevent it, because you can’t tell what the browser is going to submit before it submits it. All you can do is when the file arrives on the server, check the file extension – if it’s an exe (or a .zip and you open it up and find an .exe) then reject it.
You can use something like SWFupload to get a handle on the file before it’s uploaded, but the best that’ll do is tell you the name of the file.
Besides, they could just take “example.exe” change the name to “example.txt” and still upload it…
Method 2
You check on the server. Checking with javascript in form.onsubmit is dumb because its quite simple to post a form with a file to the same URL and skip your super secure javascript powered page.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0