sry for title I don't even know how to call it, I am not a web developper (yet) so imagine you are on a site hosted by ppl with malicious intentions, what can be done with the uploading function when u open up a window, you select your files and you upload, example video streaming site that lets you upload your own subtitles is this is like establishing a remote connection (can it be potentially used this way ), can I give them access if hit the upload thingy , apart clicking unknown links sort of danger
That's always possible. And "malicious intentions" can range from "track you" to "pwn you". But anyway, if you knowingly visit dangerous sites, you ought at least to be using a Linux LiveCD in a VM. And better, on a machine that you will never trust as secure.
my bad my description sucked, fixed hopefully I can imagine you can be pwn if you download the file back from them, or third party cookies (tracking == not pwned but still sucks) but not what I am interested in imagine an extension conversion site, or freeOCR or pic hosting sites, these are the types I mention or a video host site where you can upload a subtitle, there are so many that some of them will be malicious to some extent (I wouldn't go there intentionally but I could be a victim unknowlingly) I've read somewhere, once that if you open a window for uploading from your pc you kinda open a remote access to them, like opening a door, but now I google this and I can't find anything informative - that began to gnaw on me
As I understand it, it's the browser that prepares information to be uploaded. For GET, data gets appended to the URL. For POST, it gets appended to the body of the request. At no time can the server directly access your file system. Unless it drops malware, anyway.