amittripathi2k2
Member
Hi,
My site is under security audit to get the security certification. After the audit, they gave me two security issues to look at.
1. Stored Cross Site Scripting: The application must implement server side validation for all user-entered inputs. Only expected values should be accepted. Script tags should be rejected. All user inputs should be sanitized.
2. Malicious File Upload
I have added <script> to the filter tags in the Joomla global configuration text filters. Also, although I have clearly stated for all file upload elements to only use .jpg, .jpeg, .png extensions, I can still upload .php extension files.
How can we rectify these two issues?
Please help.
Regards
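For the second finding, a server-side upload check along the lines the audit asks for, as an added example that is not part of the original post and is not Joomla's or any extension's own code. The function name `check_image_upload`, the `ALLOWED` map and the sample files are hypothetical, and the PHP fileinfo extension is assumed to be enabled.

```php
<?php
// Added example: names here are hypothetical, not a Joomla API.
// Allowlist: extension => MIME type the file content must have.
const ALLOWED = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
];

function check_image_upload(string $tmpPath, string $clientName): array
{
    // 1. The name is client-controlled: take its final extension,
    //    lower-case it, and accept only allowlisted values.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return [false, "extension '$ext' is not allowed"];
    }
    // 2. Ignore the browser-supplied Content-Type; inspect the bytes.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        return [false, "content is $mime, expected " . ALLOWED[$ext]];
    }
    // 3. Store under a server-generated name, never the client's name.
    return [true, bin2hex(random_bytes(16)) . '.' . $ext];
}

// Constructed samples: a PNG signature plus IHDR header (enough for
// type detection), and harmless PHP text under two different names.
$pngHeader = "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR"
           . pack('NN', 1, 1) . "\x08\x06\x00\x00\x00";
$samples = [
    'photo.png'  => $pngHeader,
    'test.php'   => "<?php echo 'hello'; ?>",
    'avatar.jpg' => "<?php echo 'hello'; ?>",
];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    [$ok, $detail] = check_image_upload($tmp, $name);
    printf("%-11s %s  %s\n", $name, $ok ? 'ACCEPT' : 'REJECT', $detail);
    unlink($tmp);
}
```

The extension setting in a form only takes effect if the code handling the request enforces it like this; keeping the upload directory outside the web root, or configured so the server does not execute scripts from it, covers the case where a check is bypassed.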