Let's visit the Level 1 section. This section has no security restrictions, which means we can upload malicious files. Let's see if we can upload and run our own PHP script on the backend.
Let's create a simple PHP file containing the following code, which displays the PHP information.
The preceding code calls phpinfo() when it is run by a PHP interpreter. We use this to check whether the uploaded PHP file is actually executed on the server side.
We get a successful upload message and path information for the file as well. Let's try to access the file to see if PHP code execution is possible on the server.
Look at that! Our PHP code ran on the server successfully. This payload was benign and only intended for testing.
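What the backend would need to do to stop the test above from working, as an added example (this is not the lab's code). The form field name `file`, the `UPLOAD_DIR` path, the size limit and the image-only allow-list are all assumptions made for illustration.

```php
<?php
// Added example, not the lab's code. Assumptions: form field "file",
// the UPLOAD_DIR path, and an image-only allow-list.

const UPLOAD_DIR = '/var/app/uploads';  // assumed; outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;     // assumed 2 MiB limit
const ALLOWED    = [                    // detected MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $tmp = (string) ($file['tmp_name'] ?? '');
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('not an HTTP upload');
    }
    $size = filesize($tmp);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('bad file size');
    }
    // Decide the type from the file's bytes; the client-sent name and
    // $file['type'] are attacker-controlled and are ignored entirely.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $ext  = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('file type not allowed');
    }
    // Server-chosen random name plus allow-listed extension: the file can
    // never land on disk as .php, even if its content sniffs as an image.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($tmp, UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;  // opaque id for the caller, not a filesystem path
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['file'])) {
    try {
        echo 'Stored as ', htmlspecialchars(store_upload($_FILES['file'])), "\n";
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo "Upload rejected\n";
    }
}
```

With this handler the phpinfo() test file is rejected at the type check, and nothing the client sends can influence the stored file name or extension. Stored files should still be served through a download script with a fixed Content-Type, or from a directory where the web server has PHP execution disabled.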