DVWA file upload
If a website accepts any file for upload, it can be taken over completely.
What is a file upload attack
A file upload attack is considered a very dangerous kind of attack. The attacker uploads a malicious file (such as a payload, a shell, or a PHP file that executes whatever the attacker wants) and gains full control of the website; even cPanel can be controlled.
💡 With this method an attacker can deface the website completely, or ruin a company's entire website.
First example: upload an HTML script file
- Then upload this HTML file; at the Low security level it is accepted without any problem.
- The most important thing is to find the location where the file is stored after the upload. If you cannot find that location, you will not be able to hack the site.
Save this file as hack.html
After saving the HTML file, upload it.
The location is shown once the file has been uploaded.
Now open the location of the uploaded file.
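The first example depends on two things: the Low security level accepts any file type, and the stored file can be opened at a location the uploader can find. The handler below is an added example (not DVWA's code and not from the original page) showing an upload routine that removes both; the form field name `upload`, the directory `/var/app-data/uploads` and the image-only allowlist are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not DVWA code. Hypothetical names: form field "upload", UPLOAD_DIR.
const UPLOAD_DIR = '/var/app-data/uploads';   // assumed to lie outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;
const ALLOWED    = ['image/png' => 'png', 'image/jpeg' => 'jpg'];

// Validate one $_FILES entry, store it, and return the server-chosen name.
function store_upload(array $file): string
{
    // A missing field or a multi-file array fails this check as well.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $tmp = $file['tmp_name'];
    if (!is_uploaded_file($tmp) || filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('not an upload, or too large');
    }

    // Decide the type from the bytes on disk. $file['name'] and $file['type']
    // come from the client and can be rewritten in an intercepting proxy.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $ext  = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('type not allowed');   // HTML and PHP end here
    }
    // The file must also parse as an image, not just start with image magic bytes.
    if (getimagesize($tmp) === false) {
        throw new RuntimeException('not a valid image');
    }

    // Random name and server-chosen extension: nothing of the original
    // file name survives, so the stored location cannot be guessed.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($tmp, UPLOAD_DIR . '/' . $stored)) {
        throw new RuntimeException('could not store file');
    }
    return $stored;
}

try {
    $stored = store_upload($_FILES['upload'] ?? []);
    echo 'Stored.';                  // the storage path is never echoed back
} catch (RuntimeException $e) {
    http_response_code(400);
    echo 'Upload rejected.';
}
```

Because the directory is outside the web root, stored files have to be served by a separate script, which should set the Content-Type from the allowlist and send `X-Content-Type-Options: nosniff`.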
Needed tool: Burp Suite
- First open Burp Suite and turn on intercept (click here to set up Burp Suite).
- Now click on upload and switch to Burp Suite.
- Now follow this example
//My file is saved on the local server under the name index.html