ansible/flaskpaste
1
0
Fork 0
forked from claw/flaskpaste
Code Pull Requests Activity

pentest: add MIME detection abuse scenarios

Browse Source
This commit is contained in:
Username
2025-12-25 22:05:42 +01:00
parent 0c8bdacfd2
commit 4a44d846c2
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
PENTEST_PLAN.md
View File

@@ -65,6 +65,16 @@ Testing uses specialized Claude subagents for different security domains, with f
- Unicode normalization attacks - Unicode normalization attacks
- Path traversal attempts - Path traversal attempts
**MIME Detection Abuse (Priority Target):**
- Magic byte spoofing (embed malicious payload after valid magic bytes)
- Polyglot files (valid in multiple formats simultaneously)
- Truncated magic bytes (test boundary conditions)
- Content-Type vs magic byte mismatch exploitation
- MIME type injection via crafted binary patterns
- Test if MIME type affects server-side processing/execution
- Attempt to trigger unsafe file operations via MIME confusion
- Chain MIME detection with other features (burn-after-read, encryption)
### 3. CryptoAudit Agent ### 3. CryptoAudit Agent
**Purpose:** Analyze cryptographic implementations **Purpose:** Analyze cryptographic implementations
**Scope:** **Scope:**