In this post, we demonstrated file upload vulnerability and how to exploit it using a vulnerable app called Mutillidae.

Upload forms are common places where attackers try to upload malicious files that execute system command on the target.

Since we are dealing with a vulnerable app, we don’t expect any kind of upload filters so we used the regular php-reverse-shell.
It can be found here
https://github.com/pentestmonkey/php-reverse-shell

Upload the shell and start a listener on your machine with the below
command:
Nc -lvp 4545
After successfully uploading the shell, we trigger the shell by navigating to its path in the URL

Get OSCP Certificate Notes

Mutillidae, OWASP

Show Comments

The MasterMinds Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles

Unrestricted File Upload Vulnerability – Mutillidae OWASP Lab

Leave a Reply Cancel reply

The MasterMinds Notes

About the Author

Other stories

Local File Inclusion Vulnerability – Mutillidae OWASP Lab

How to stay anonymous during Nmap scanning with Tor network.

Press ESC to close

Unrestricted File Upload Vulnerability – Mutillidae OWASP Lab

Leave a Reply Cancel reply

The MasterMinds Notes

About the Author

Share Article:

You might also like

Android Malware Analysis | SPYNOTE Malware Analysis with ANY.RUN

How Hackers Hack IT Support Systems | Exploiting PHP Vulnerabilities | TryHackMe Agent T

Blockchain Ethical Hacking & Penetration Testing

Other stories

Local File Inclusion Vulnerability – Mutillidae OWASP Lab

How to stay anonymous during Nmap scanning with Tor network.