Introducing file upload vulnerability
The DVWA web application was installed on a Debian server and configured with a low security level. Let's visit the file upload section and see if we can upload and run our own PHP script on the backend:
We're presented with an HTML form that asks us to upload an image. Instead, let's create a simple PHP file named test.php containing the following code, which displays the version of PHP installed:
<?php echo phpversion(); ?>
The preceding code calls the phpversion() function when it is run by a PHP interpreter. We use this to check whether the uploaded PHP file is executed on the server side:
We get a successful upload message along with path information for the file. Let's try to access the file to see if PHP code execution is possible on the server:
Look at that! Our PHP code ran on the server successfully. This payload was benign, only intended for testing. Now let's try executing...
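The upload above worked because the file kept its .php name and was served from the reported path, so the interpreter ran it. As an added example (not DVWA's code and not from the original text), here is a server-side check that rejects test.php; the function name safe_image_name, the allowlist, and the sample files are assumptions made for illustration.

```php
<?php
// Added example: allowlist-based validation of an image upload.
// Not DVWA's code; names and sample inputs are constructed for illustration.

const ALLOWED = [
    'jpg'  => IMAGETYPE_JPEG,
    'jpeg' => IMAGETYPE_JPEG,
    'png'  => IMAGETYPE_PNG,
];

// Returns a server-generated file name if the upload is an allowed image,
// or null if it must be rejected.
function safe_image_name(string $tmpPath, string $clientName): ?string
{
    // 1. Extension allowlist on the client-supplied name (not a denylist).
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return null;
    }
    // 2. The content must parse as an image whose type matches the extension.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info[2] !== ALLOWED[$ext]) {
        return null;
    }
    // 3. Never reuse the client name: random base name, allowlisted extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs: the test.php payload from this section and a 1x1 PNG.
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, '<?php echo phpversion(); ?>');
$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
));

var_dump(safe_image_name($php, 'test.php'));   // rejected: extension not allowlisted
var_dump(safe_image_name($php, 'test.png'));   // rejected: content is not an image
var_dump(safe_image_name($png, 'avatar.png')); // accepted: random name ending in .png

unlink($php);
unlink($png);
```

A file can be a valid image and still contain PHP, so the stored file should also live in a directory where the web server does not execute scripts.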