Test file upload endpoints for unrestricted uploads and remote code execution risks.
Overview
Unrestricted file upload is a critical vulnerability that can lead to remote code execution. Our scanner identifies file upload endpoints and tests whether they accept dangerous file types, skip content-type validation, allow path traversal, or fail to enforce file size limits.
What this scanner does
Discovers file upload forms and endpoints across all crawled pages. Tests whether each endpoint accepts dangerous file types (.php, .jsp, .exe), lacks MIME-type validation, fails to enforce file size limits, or permits path traversal in filenames.
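For reference, a server-side check that would pass each of the tests listed above. This is an added example, not the scanner's own code; the allow-list, the 2 MiB limit and the function names are assumptions chosen for illustration.

```python
import os
import uuid

MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for this example

# Allow-list: extension -> (expected Content-Type, leading magic bytes)
ALLOWED = {
    ".png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    ".jpg": ("image/jpeg", b"\xff\xd8\xff"),
    ".pdf": ("application/pdf", b"%PDF-"),
}

class UploadRejected(ValueError):
    """Raised with the reason an upload was refused."""

def validate_upload(filename, declared_type, data):
    """Return a server-generated storage name or raise UploadRejected."""
    if len(data) > MAX_BYTES:
        raise UploadRejected("size limit exceeded")
    # Refuse any path component instead of silently stripping it.
    if "\x00" in filename or os.path.basename(filename.replace("\\", "/")) != filename:
        raise UploadRejected("path component in filename")
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected("extension not on allow-list")
    expected_type, magic = ALLOWED[ext]
    # The Content-Type header is client-controlled, so it must agree with
    # both the extension and the bytes actually received.
    if declared_type.split(";")[0].strip().lower() != expected_type:
        raise UploadRejected("content type does not match extension")
    if not data.startswith(magic):
        raise UploadRejected("file content does not match extension")
    # Never reuse the client's name on disk; keep only the vetted extension.
    return uuid.uuid4().hex + ext

def check(filename, declared_type, data):
    """Return 'accepted' or the rejection reason (helper for the demo)."""
    try:
        validate_upload(filename, declared_type, data)
        return "accepted"
    except UploadRejected as exc:
        return str(exc)

if __name__ == "__main__":
    # Constructed sample uploads, not taken from any real scan.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    for args in [("logo.png", "image/png", png),
                 ("page.php", "image/png", png),
                 ("../../logo.png", "image/png", png),
                 ("logo.png", "image/png", b"<html>not an image</html>")]:
        print(args[0], "->", check(*args))
```

Magic-byte checks do not stop polyglot files, so accepted uploads should still be stored outside the web root and served with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff`.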
Why it matters
An unrestricted file upload can let attackers upload web shells and gain full control of your server. Even with execution prevention, uploaded files can be used for stored XSS, phishing, or serving malware from your domain.
Common findings
OWASP Top 10 coverage