Unrestricted File Upload Vulnerability

In this post, we demonstrated file upload vulnerability and how to exploit it using a vulnerable app called Mutillidae.

Upload forms are common places where attackers try to upload malicious files that execute system command on the target.

Since we are dealing with a vulnerable app, we don’t expect any kind of upload filters so we used the regular php-reverse-shell.
It can be found here
https://github.com/pentestmonkey/php-reverse-shell

Upload the shell and start a listener on your machine with the below
command:
Nc -lvp 4545
After successfully uploading the shell, we trigger the shell by navigating to its path in the URL

Get OSCP Certificate Notes

Mutillidae, OWASP

Show Comments

Motasem

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles

Unrestricted File Upload Vulnerability – Mutillidae OWASP Lab

Leave a Reply Cancel reply

Motasem

About the Author

Press ESC to close

Unrestricted File Upload Vulnerability – Mutillidae OWASP Lab

Leave a Reply Cancel reply

Motasem

About the Author

Share Article:

You might also like

Open Source Intelligence Reddit Case Study | TryHackMe Advent of Cyber

Open Source Intelligence Tools & Techniques Explained With Case Studies

WordPress XXE Vulnerability | CVE-2021-29447 TryHackMe