Let’s move on to the Level 7 section.
Here, in this section, if we try to upload any file, then we will not receive any link, on which the file is uploaded.
The following PHP code will allow XSS files. But, we can find out the file location using cross-site scripting file upload vulnerability.
<?php
$files = @$_FILES["files"];
if ($files["name"] != '') {
$fullpath = $_REQUEST["path"] . $files["name"];
$filename=$files["name"];
if (move_uploaded_file($files['tmp_name'], $fullpath)) {
echo "Uploaded ".$filename;
}
else
echo "Error with this file".$filename;
}
echo '<form method=POST enctype="multipart/form-data" action="">
<input type="file" name="files">
<input type=submit value="Upload File"></form>';
?>
Save a file with the following cross-site scripting code.
Now, upload it. Once we upload this file, we will prompt us with the domain name.
Let’s try to find out, there will be the uploaded file are located.
The file is uploaded within this same directory.
Let me change this PHP file name to the PHP info file.
As expected, we have successfully accessed the PHP file.