Unrestricted File Upload on the main website for The OWASP Foundation. See the examples below for some ideas about how files might be misused. Upload .exe file into web tree - victims download trojaned executable; Upload virus in a folder that its name ends with the script's extension (e.g. “folder.asp\file.txt”). In this tutorial you'll learn how to download files like images, word or PDF Image Gallery