In this video I demonstrate how to upload files containing PHP code to a vulnerable form, which does not check the file extension against a list of acceptable file types for example. The file upload does not check the contents of the files either, which makes it even easier to upload malicious files.
Most file upload forms these days are not susceptible to uploading PHP files directly. In most cases, it will only be possible to upload image files, which could contain PHP code which may be exploited through other vulnerabilities such as LFI (Local File Inclusion).
– Insecure File Uploads
Stay tuned and subscribe for more upcoming videos showing actual hacks!