I have an ASP.NET MVC application where user can upload jpeg, png, gif, jpg files. How to restrict user to upload malicious files?
I am restricting the file upload on the basis of the file extension. However, If there is a malicious file 'filenam.html' and the user tries to upload it by changing the file name to 'filename.html.png', the application allows users to do so.
Please suggest how can I restrict the user from uploading malicious files from backend and frontend validation.
Note: I can not restrict the filenames on basis of multiple dots present in it as a valid file name can contain 'filename V1.1.png'