⛏️ Write a test to check whether we can create/update an object with File Upload

[arjun-akto]

💭 Introduction:

We want a test to check whether an attacker can create/update entity with File upload.

🎯 Requirements:

1. Filters - API with atleast one parameter as an input in GET query parameter or JSON body parameter accepting Files, having header for Files like “Content-Type” : “multipart/form-data” or “Content-type” : “application/octet-stream” or other types of headers used for File upload

2. Execute - It should replace the value with

• Changing the content-type header and sending the same file as identified in the original request
• Keeping the header and uploading some other file in Body
• Not sending any file and keeping the header same
• removing the header and then sending any file, or the same original file

3. Validation - If the application responds with a exception trace, it is a vulnerability.

✅ Task summary:

• [ ] Ask to be assigned to the issue.
• [ ] Wait to be assigned. We will try to assign in less than 2 hours.
• [ ] Signup for [Akto]
• [ ] Fork the [tests-library] repository, create a new branch and commit the yaml file which will be called in your test.
• [ ] Submit both the PR here.

📚 Reading

Find 100+ examples of YAML tests [here]

🙋🏼‍♂️ Questions: If you have questions, need any help, or just want to hang out, make sure to join us on our [Discord server].

[falconcode16]

Hey @arjun-akto, I have gone through the test-library repo and example YAML test and I feel I can contribute to this issue by writing the above mentioned test. Can you please assign this issue to me?

[heysagnik]

Hey @arjun-akto I want to work on this, could you please assign me ?

[arjun-akto]

Hi @falconcode16 , @heysagnik . I have assigned the issue to you. Please feel free to connect us on our Discord server for any doubts.