Home page logo

educause logo Educause Security Discussion mailing list archives

Re: uploading application content to CMS system
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Thu, 6 Nov 2008 13:26:45 +1300

On 5/11/2008, at 11:24 AM, Russell Fulton wrote:

Hi folks

we are using Jahia to implement a new Content Management System for
our major web presence.  And, unsurprisingly, departments want to
upload all sorts of application content -- from word docs to flash
movies -- some of this content may come from students.  We intend
scanning all content that isn't straight html for malware before
accepting it, does anyone have any other suggestions for mitigating
the risk of accepting malicious content.

From my colleague Bojan Zdrnja who is currently in Europe:

Use a Flash decompiler, if possible, and scan for embedded URLs.
This would depend on the purpose of the upload form but this what
imageshack.us uses to detect Flash movies uploaded by spammers.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]