File upload forms, nowadays can be found allover the internet. In social network web applications, such as Facebook and Twitter, in blogs, forums, e-banking sites, YouTube and also in corporate support portals, to give the opportunity to the end user to efficiently share files with corporate employees. Users are allowed to upload images, videos, avatars and many other types of files.
Though, the more functionality provided to the end user, the greater is the risk of having a vulnerable web application and the chance that such functionality will be abused from malicious users, to gain access to a specific website, or to compromise a server is very high.
The following white paper, talks about a number of common security issues and vulnerabilities encountered while auditing file upload forms in several well known web applications. It also explains how to build secure file upload forms.
You can read this whitepaper from here