ワンクリックで
sc-file-upload
Insecure file upload detection — unrestricted types, MIME mismatch, polyglot files, and webshell upload
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Insecure file upload detection — unrestricted types, MIME mismatch, polyglot files, and webshell upload
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
| name | sc-file-upload |
| description | Insecure file upload detection — unrestricted types, MIME mismatch, polyglot files, and webshell upload |
| license | MIT |
| metadata | {"author":"ersinkoc","category":"security","version":"1.0.0"} |
Detects insecure file upload vulnerabilities including unrestricted file type uploads, MIME type vs extension mismatches, double extension bypasses, executable uploads to web-accessible directories, missing file size limits, and archive extraction attacks. Focuses on upload endpoints that could lead to remote code execution or stored XSS.
Called by sc-orchestrator during Phase 2 when file upload functionality is detected.
"multer", "upload", "multipart", "formidable", "busboy",
"FileUpload", "IFormFile", "MultipartFile", "@RequestPart",
"$_FILES", "move_uploaded_file", "UploadedFile",
"file.save(", "storage.upload(", "putObject("
1. No File Type Validation:
// VULNERABLE: Accept any file
const upload = multer({ dest: 'public/uploads/' });
app.post('/upload', upload.single('file'), (req, res) => {
res.json({ path: `/uploads/${req.file.filename}` });
});
// SAFE: Validate file type
const upload = multer({
dest: 'uploads/', // NOT in public directory
fileFilter: (req, file, cb) => {
const allowed = ['image/jpeg', 'image/png', 'image/gif'];
if (allowed.includes(file.mimetype)) {
cb(null, true);
} else {
cb(new Error('Invalid file type'), false);
}
},
limits: { fileSize: 5 * 1024 * 1024 } // 5MB limit
});
2. Upload to Webroot:
// VULNERABLE: Upload directly to web-accessible directory
move_uploaded_file($_FILES['file']['tmp_name'], 'public/uploads/' . $_FILES['file']['name']);
// If user uploads evil.php → accessible at /uploads/evil.php → RCE!
// SAFE: Upload outside webroot + rename
$ext = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
$allowed = ['jpg', 'png', 'gif'];
if (!in_array(strtolower($ext), $allowed)) { die('Invalid type'); }
$newName = bin2hex(random_bytes(16)) . '.' . $ext;
move_uploaded_file($_FILES['file']['tmp_name'], '/var/data/uploads/' . $newName);
Comprehensive AI-powered security scanning suite with 48 skills covering OWASP Top 10, 7 language-specific deep scanners (Go, TypeScript, Python, PHP, Rust, Java, C#), supply chain analysis, infrastructure-as-code scanning, and 3000+ checklist items. Use when you need to run a security audit, find vulnerabilities, scan a PR for security issues, or perform a penetration test on a codebase.
C#/.NET-specific security deep scan
Go-specific security deep scan
Java/Kotlin-specific security deep scan
PHP-specific security deep scan
Python-specific security deep scan