In this post, we demonstrated a file upload vulnerability and how to
exploit it using a vulnerable app called Mutillidae.
Upload forms are common places where attackers try to upload
malicious files that execute system commands on the target.
Since we are dealing with a vulnerable app, we don’t expect any kind
of upload filters, so we used the regular php-reverse-shell.
It can be found here
Upload the shell and start a listener on your machine with the
command below:
nc -lvp 4545
After successfully uploading the shell, we trigger it by navigating
to its path in the URL.
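
The upload succeeds and the file runs because the form applies no
filter and stores the file where the web server will execute it. The
handler below is an added example, not code from Mutillidae or from
this post, showing the checks that are missing. The storage path, size
limit, allowed types and the form field name "filename" are
assumptions.

```php
<?php
declare(strict_types=1);

// Assumed storage directory, outside the web root so nothing in it is served or executed.
const UPLOAD_DIR = '/var/app-data/uploads';
const MAX_BYTES  = 2 * 1024 * 1024;
// Allowlist: MIME type detected from content => extension assigned by the server.
const ALLOWED = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/** Validate one entry of $_FILES and store it. Returns the stored file name. */
function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an HTTP upload');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('size out of range');
    }
    // Detect the type from the file content. The client-sent name and
    // Content-Type ($file['name'], $file['type']) are attacker-controlled.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('type not allowed');
    }
    // Server-chosen random name and extension: a .php name never reaches disk.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Usage in the form handler; 'filename' is an assumed form field name.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['filename'])) {
    try {
        echo 'stored as ', htmlspecialchars(store_upload($_FILES['filename']));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ', htmlspecialchars($e->getMessage());
    }
}
```

Content sniffing alone can be fooled by a file that is both a valid
image and contains PHP, which is why the handler also assigns its own
extension and stores the file outside the web root.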