Level 3: Advanced Blacklist extension check bypass

Level 3 is similar to the previous level: the developer adds a blacklist for the PHP file extension and some of its variants, but the blacklist is incomplete and misses at least one extension that the server still executes as PHP.

<?php
// Deliberately vulnerable upload handler from the challenge (kept as-is):
// the check is a blacklist, so any executable extension not listed here passes.
$files = @$_FILES["files"];
$info = new SplFileInfo($files["name"]);
$extension = ($info->getExtension());
// Only the last extension is compared, and only against this fixed list.
if ($files["name"] != '' && $extension != "php" && $extension != "php3" && $extension != "jpeg" && $extension != "png" && $extension != "gif") {
    // The destination directory is taken straight from the request.
    $fullpath = $_REQUEST["path"] . $files["name"];
    if (move_uploaded_file($files['tmp_name'], $fullpath)) {
        echo "<a href='$fullpath'>OK-Click here!</a>";
    }
}
echo '<form method=POST enctype="multipart/form-data" action=""><input type="file" name="files"><input type=submit value="Upload File"></form>';
?>

Let's try uploading the file with the extension from the previous level and see whether the upload is accepted.

In the file dialog, select "phpinfo.phtml" and click Open.

Now upload the file and check whether the server accepts it.

Once it is uploaded, open the "OK-Click here!" link in another tab.

Look at that! Our PHP code ran on the server successfully. This payload was benign and only intended for testing. 
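For comparison, here is a hardened version of the handler above. This is an added example written for this page, not the challenge's own code. It replaces the blacklist with an allowlist, validates every dot-separated part of the filename rather than only the last extension, checks the file content type instead of the client-supplied one, ignores the path parameter from the request, and stores the file under a server-generated name. It assumes an uploads directory (UPLOAD_DIR) that the web server serves as static files only, with PHP execution disabled there.

```php
<?php
// Added example (not from the original post): an allowlist-based upload
// handler that replaces the blacklist in the vulnerable snippet above.
// Assumption: UPLOAD_DIR is served as static content, with no script execution.
const UPLOAD_DIR = __DIR__ . '/uploads';
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];
const ALLOWED_MIME = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];
const MAX_BYTES = 2 * 1024 * 1024;

/**
 * Validate one entry of $_FILES. Returns null on success or a reason string.
 * Every dot-separated component after the base name must be allowlisted,
 * so a name such as "image.phtml.jpg" is rejected even though its last
 * extension is "jpg".
 */
function validate_upload(array $file): ?string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return 'upload error';
    }
    if ($file['size'] > MAX_BYTES) {
        return 'file too large';
    }
    $name  = basename((string) $file['name']);   // drop any directory part
    $parts = explode('.', $name);
    if (count($parts) < 2 || $parts[0] === '') {
        return 'missing base name or extension';
    }
    array_shift($parts);                          // remove the base name
    foreach ($parts as $part) {
        if (!in_array(strtolower($part), ALLOWED_EXTENSIONS, true)) {
            return "extension not allowed: $part";
        }
    }
    $ext = strtolower(end($parts));
    // Inspect the bytes on disk; $file['type'] is chosen by the client.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED_MIME[$ext]) {
        return "content type $mime does not match .$ext";
    }
    return null;
}

/**
 * Store a validated upload under a random server-generated name.
 * Neither the user's filename nor any request parameter decides the path.
 */
function store_upload(array $file): string
{
    $ext    = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = UPLOAD_DIR . DIRECTORY_SEPARATOR . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store upload');
    }
    chmod($dest, 0644);                           // readable, not executable
    return $stored;
}

if (isset($_FILES['files'])) {
    $why = validate_upload($_FILES['files']);
    if ($why !== null) {
        http_response_code(400);
        echo 'Rejected: ' . htmlspecialchars($why, ENT_QUOTES, 'UTF-8');
    } else {
        $stored = store_upload($_FILES['files']);
        echo 'Stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    }
}
echo '<form method="POST" enctype="multipart/form-data" action="">'
   . '<input type="file" name="files"><input type="submit" value="Upload File"></form>';
```

The allowlist is the important change: a blacklist can only ever cover the extensions its author thought of, while an allowlist rejects everything it was not told to accept. The content-type check and the random filename are defence in depth; even if a file with unexpected content slips through, it lands in a directory the server will not execute.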
