In this post, we demonstrated file upload vulnerability and how to
exploit it using a vulnerable app called Mutillidae.

Upload forms are common places where attackers try to upload
malicious files that execute system command on the target.

Since we are dealing with a vulnerable app, we don’t expect any kind
of upload filters so we used the regular php-reverse-shell.
It can be found here
https://github.com/pentestmonkey/php-reverse-shell

Upload the shell and start a listener on your machine with the below
command:
Nc -lvp 4545
After successfully uploading the shell, we trigger the shell by
navigating to its path in the URL

About the Author

Cybersecurity Trainer MS in Cybersecurity Expertise in Healthcare and Finance Industries Penetration tester and compliance auditor

View Articles