DVWA – Insecure File Uploads

Posted by Crazy Danish Hacker | Feb 20, 2017 | Damn Vulnerable Web App | 0 |

Description

In this video I demonstrate how to upload files containing PHP code to a vulnerable form, which does not check the file extension against a list of acceptable file types for example. The file upload does not check the contents of the files either, which makes it even easier to upload malicious files.

Most file upload forms these days are not susceptible to uploading PHP files directly. In most cases, it will only be possible to upload image files, which could contain PHP code which may be exploited through other vulnerabilities such as LFI (Local File Inclusion).

LFI: https://www.youtube-nocookie.com/watch?v=9SaEk6bdBBQ

Topics covered:
– Insecure File Uploads

Stay tuned and subscribe for more upcoming videos showing actual hacks!

About The Author

Crazy Danish Hacker

Teaches ethical hacking and penetration testing on YouTube. Has been a professional penetration tester for a living for several years, has presented at multiple conferences, and is also quite interested in software defined radio. Crazy Danish Hacker is known by many names, some of them more well-known than others.

DVWA – Insecure File Uploads

Description

About The Author

Crazy Danish Hacker

Leave a reply Cancel reply

Categories

Recent Comments

Archive

DVWA – Insecure File Uploads

Description

About The Author

Crazy Danish Hacker

Related Posts

DVWA – Command Injection

DVWA – Username Enumeration & Brute-Forcing Passwords

DVWA – SQL Injection & Cracking Passwords!

DVWA – Local File Inclusion

Leave a reply Cancel reply

Categories

Tags

Recent Comments

Archive