C Sharp Accepts Any Mime Type
Description
Detects when a C# application accepts any MIME type without proper validation, which could allow attackers to upload malicious files with fake content types. This security issue could lead to malicious file uploads bypassing content type restrictions.
Detection Strategy
• Check for API calls that handle MIME type validation in C# code
• Identify if the MIME type validation logic accepts any content type without restrictions
• Flag instances where file upload handlers do not properly validate or restrict allowed MIME types
• Analyze arguments passed to MIME type validation methods to ensure proper type checking is enforced
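The kind of restriction these checks look for, as an added example that is not code from the original page: an explicit allow-list of MIME types, with the file's leading bytes compared against the declared type because the declared value is client-controlled. The class name, the allow-list entries and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http.Headers;
using System.Text;

// Hypothetical helper (not from the original page): name and allow-list are assumptions.
public static class UploadContentTypeValidator
{
    // Explicit allow-list: declared media type -> bytes the file must start with.
    private static readonly Dictionary<string, byte[]> Allowed =
        new Dictionary<string, byte[]>(StringComparer.OrdinalIgnoreCase)
        {
            ["image/png"] = new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A },
            ["image/jpeg"] = new byte[] { 0xFF, 0xD8, 0xFF },
            ["application/pdf"] = new byte[] { 0x25, 0x50, 0x44, 0x46, 0x2D },
        };

    public static bool IsAccepted(string declaredContentType, byte[] content)
    {
        // Reject missing or malformed Content-Type values.
        if (!MediaTypeHeaderValue.TryParse(declaredContentType, out var parsed)
            || parsed.MediaType == null)
            return false;

        // Wildcards such as */* and unlisted types never match an allow-list key.
        if (!Allowed.TryGetValue(parsed.MediaType, out var signature))
            return false;

        // The declared type can be faked, so the content must agree with it.
        return content != null
            && content.Length >= signature.Length
            && content.Take(signature.Length).SequenceEqual(signature);
    }

    public static void Main()
    {
        // Constructed sample inputs.
        byte[] png = { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A, 0x00, 0x00 };
        byte[] text = Encoding.ASCII.GetBytes("plain text, not an image");

        Console.WriteLine(IsAccepted("image/png", png));                // listed type, matching bytes
        Console.WriteLine(IsAccepted("image/png; charset=utf-8", png)); // parameters are ignored
        Console.WriteLine(IsAccepted("image/png", text));               // declared type does not match content
        Console.WriteLine(IsAccepted("*/*", png));                      // wildcard is not on the allow-list
        Console.WriteLine(IsAccepted(null, png));                       // missing Content-Type
    }
}
```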
Vulnerable code example
using System.Net.Http;
using System.Net.Http.Headers;

public class UnsafeHttpClient
{
    public void VulnerableRequest()
    {
        HttpClient client = new HttpClient();...
✅ Secure code example
using System.Net.Http;
using System.Net.Http.Headers;

public class SafeHttpClient
{
    public void SecureRequest()
    {
        HttpClient client = new HttpClient();...