What are sample files used for?

Sample files are used by developers, QA engineers, and designers to test file upload functionality, validate parsers, prototype applications, and verify format support. They provide well-formed examples of real file formats without sensitive data.

Are the sample files free to download?

Yes, all sample files on File Examples are completely free to download. No registration, no limits, and no hidden fees. You can use them for testing, development, and educational purposes.

What file formats are available?

File Examples offers 1000+ sample files in 700+ formats across 50 categories including documents, images, audio, video, code, scripting, AI/ML, blockchain, gaming, firmware, security, science, IoT, DevOps, medical, accessibility, automation, education, legal, API, localization, and many more.

Can I use these files for testing my application?

Absolutely. All files are well-formed, valid examples designed specifically for testing. They contain proper headers, metadata, and realistic content structures — ideal for QA testing, CI/CD pipelines, and development workflows.

How do I download a sample file?

Browse categories or search for a specific format, click on the file you need, and hit the Download button. The file downloads instantly — no signup or email required.

Medium severity

EXIF Metadata Privacy Leak

JPEG and TIFF images containing EXIF metadata that reveals GPS coordinates, camera model, timestamps, and potentially the photographer's identity.

How This Attack Works

Digital cameras and smartphones embed EXIF metadata in photos including GPS coordinates (latitude/longitude), device model, serial number, timestamp, and sometimes the owner's name. When photos are shared online without stripping metadata, this information becomes publicly accessible.

Attack Vector

User uploads a photo to a website or forum. Attacker downloads the image and extracts EXIF data to determine the user's home location, daily routine, or device information for targeted attacks.

Real-World Example

John McAfee's location in Guatemala was revealed through EXIF GPS data in a photo posted by a Vice journalist in 2012. Multiple stalking cases have involved EXIF location data from social media photos.

Safe Implementation

// SAFE: Strip EXIF with sharp (Node.js)
const sharp = require('sharp');
await sharp(inputBuffer)
  .rotate() // Apply EXIF rotation first
  .withMetadata({ exif: {} }) // Strip EXIF
  .toBuffer();

Safe Handling Guidelines

Strip all EXIF metadata from user-uploaded images before storing or serving them. Use libraries like sharp (Node.js), Pillow (Python), or ExifTool to remove metadata. Major platforms like Facebook, Twitter, and Instagram strip EXIF data automatically.

Affected Platforms

Web applicationsSocial mediaForumsFile sharingEmail

Related Security Demos

MIME Spoofing: SVG with Embedded JavaScript (XSS)

mime-spoofing · high

Related Tools & Resources

MIME Detector Checksum Generator Edge-Case Library Compatibility Matrix