Level 1: Introducing File upload vulnerability

Let's visit the Level 1 section, and see if we can upload and run our own PHP script on the backend:

In this section, there will be no security restrictions, so it means, we can upload malicious files. Let’s see if we can upload and run our own PHP script on the backend. 

<?php
     $files = @$_FILES["files"];
     if ($files["name"] != '') {
         $fullpath = $_REQUEST["path"] . $files["name"];
         if (move_uploaded_file($files['tmp_name'], $fullpath)) {
             echo "<a href='$fullpath'>uploaded image</a>";
             }
          }
         echo '<form method=POST enctype="multipart/form-data" action="">
               <input type="file" name="files">
               <input type=submit value="Upload File"></form>';
 ?>

Let's create a simple PHP file containing the following code, which displays the PHP information.

<?php
echo phpinfo();
?>

The preceding code executes the phpinfo() when executed by a PHP interpreter. We use this to check if the uploaded PHP file is successfully executed on the server side or not.

We get a successful upload message and path information for the file as well. Let's try to access the file to see if PHP code execution is possible on the server.

Look at that! Our PHP code ran on the server successfully. This payload was benign and only intended for testing. 

Post a Comment

0 Comments
* Please Don't Spam Here. All the Comments are Reviewed by Admin.

#buttons=(Ok, Go it!) #days=(20)

Our website uses cookies to enhance your experience. Learn More
Ok, Go it!