I have a question about hacking file uploads. Below shows the kind of setup I’m using and my concern is around the action that gives the full path to the upload script:
<form action="http://www.mydomain.com/scripts/php/photo_processing.php?page=join method="post" enctype="multipart/form-data"> <input type="file" name="file" class="fileProfile"><br> </form>
Can someone use the full path to send repetitive files constantly and then fill a web server disk space etc? eg: can you send files using this path outside the website and/or in a way that allows automated constant uploads?
Note: the php file has the following at the top – it is set to only this domain name – needed because of AWS Cloudfront POST limitation
No, they are basically prevented by cross domain policy. Unless the
mydomain.com gives you access to it.