Let’s move on to the 2nd Level section.
In this section, there will be some sort of protection mechanisms to prevent PHP file uploads, which means, we can’t upload dot PHP file extension.
Developers, sometimes, add a blacklist for certain file extensions, which is considered harmful.
But, we can try to do this with other .php extensions.
- Supported PHP File Extension
- .php, .php2, .php3, .php4, .php5, .php6, .php7, .phps, .phps, .pht, .phtm, .phtml, .pgif, .shtml, .htaccess, .phar, .inc, .hphp, .ctp, .module
- Working in PHPv8:
- .php, .php4, .php5, .phtml, .module, .inc, .hphp, .ctp
As running the Apache2 service supports PHPv8, so rename the file to the .phtml file.
Now, we will upload this file and see whether it is uploaded successfully or not.
Let's try to access the file to see if PHP code execution is possible on the server.
Once we click on "Upload File", open the uploaded link:
Look at that! Our PHP code ran on the server successfully.