File Upload 10: MIME Type Trust

Goal: get a file with a risky filename accepted by declaring a trusted content type for it.

Hints
  • The application trusts the provided MIME type.
  • It does not compare file content against the extension.
  • Attackers can submit one thing and label it as something else.

Why this works

Client-controlled Content-Type headers are not trustworthy. Secure upload handling must validate file content and enforce safe storage.
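
One way to make the upload decision without trusting the client's label, as an added example that is not the lab's own code: the extension must be on an allowlist, the leading bytes must match that extension, and the stored name is generated by the server. The function names, the allowlist contents and the sample bytes are assumptions made for illustration.

```python
import secrets
from pathlib import PurePosixPath

# Allowed extension -> magic bytes the content must start with (illustrative allowlist).
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}

# Constructed sample: a PNG signature followed by padding, not a full image.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8


class UploadRejected(ValueError):
    pass


def validate_upload(filename, claimed_type, data):
    """Return a server-generated storage name, or raise UploadRejected.

    claimed_type is the client's Content-Type value. It is accepted as a
    parameter but never used in the decision, because the client controls it.
    """
    # Drop any directory component, then look only at the final extension.
    name = PurePosixPath(filename.replace("\\", "/")).name
    ext = PurePosixPath(name).suffix.lower()
    if ext not in ALLOWED:
        raise UploadRejected(f"extension {ext!r} is not allowed")
    # The content itself must agree with the extension.
    if not any(data.startswith(magic) for magic in ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    # Never reuse the client's filename on disk.
    return secrets.token_hex(16) + ext


def accepts(filename, claimed_type, data):
    """Boolean wrapper around validate_upload for quick checks."""
    try:
        validate_upload(filename, claimed_type, data)
        return True
    except UploadRejected:
        return False
```

A matching signature is a minimum check, not proof that the whole file is well-formed. Safe storage (a location the server will not execute from) still has to be enforced separately.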