In this post, we demonstrated file upload vulnerability and how to exploit it using a vulnerable app called Mutillidae.

Upload forms are common places where attackers try to upload malicious files that execute system command on the target.

Since we are dealing with a vulnerable app, we don’t expect any kind of upload filters so we used the regular php-reverse-shell.
It can be found here
https://github.com/pentestmonkey/php-reverse-shell

Upload the shell and start a listener on your machine with the below
command:
Nc -lvp 4545
After successfully uploading the shell, we trigger the shell by navigating to its path in the URL

Get OSCP Certificate Notes

 
About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles