So, in many websites, like this one, you can upload e.g. attachments, so you select the attachment and click on upload, and the file is being sent to the server.
It seems I am missing something obvious, I don't know many things about HTML or PHP etc, but a thought:
Let's say there's (i) an input box and (ii) a button saying "Select file" (then, after selecting a file, the file's path is being sent to the input box), allowing you to select a file for upload, and lastly, a button that says "Upload".
So, somewhere inside the code, it should say something like this:
So, if it saidCode:when Button_Upload_Is_Clicked: upload_to_server(input_box->text)
would it work the same way?Code:upload_to_server(/etc/passwd)
I mean, what prevents websites from downloading from us anything they want, providing that they know the direct path to get it?
What if pressing the 'Login' button to a website, instead of only logging us in, uploads a local file to the server and then it logs us in?
Don't laugh at me
Bookmarks