ASP.NET File Uploads: Threats & Counter-Measures

"whenever you allow a user to upload a document that is saved to a web accessible folder, and then you allow others to visit that document directly through their browser, there exists the possibility that a nefarious user will upload a script file so that they can execute code when the file is visited through a browser." [Scott Mitchell]
Counter-Measure: configure IIS so as not to allow script execution on the folder (and subfolders) where files are uploaded.

"A nefarious user could .. upload a HTML file for an XSS or phishing attack, stealing your authenticated users' sessions and cookies or worse." [Ryan]
Counter-Measure: have a whitelist of content types and file extensions.

"Denial of service is one of the threats that you need to consider while implementing file upload functionality in your web application. If a user uploads a huge file, it will clog the network and consume server’s memory." [Varun, ACE Team]
Counter-Measure: By setting an appropriate value for the MaxRequestLength attribute in the setting in web.config, network clogging and excessive use of server memory can be prevented while implementing a file upload functionality. The default value for maxRequestLength is 4096 KB (4 MB).

Know of any other threats specifically related to File Uploads? Please post your comments below.

Related reading:
Checklist: Securing ASP.NET
Large File Uploads in ASP.NET