File upload vulnerabilities are a major problem in web-based applications. On many web servers, the vulnerability comes entirely from upload functionality that allows an attacker to upload a file with malicious code hidden inside, which can then be executed on the server. An attacker might be able to put a phishing page on the website or deface it.
An attacker may also reveal internal information about the web server to others, and sensitive data may be exposed to unauthorized people.
In DVWA, the webpage allows the user to upload an image, and the page's code checks whether the last characters of the file name are ‘.jpg’, ‘.jpeg’ or ‘.png’ before allowing the image to be uploaded to the directory.
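For comparison with the name-suffix check described above, here is an added example (not DVWA's code and not from the original article) that puts that weak check beside a hardened upload handler. The form field name `uploaded`, the storage path `/var/app-data/uploads` and the 2 MiB limit are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Allowlist: permitted extension => MIME type the file content must have.
const ALLOWED = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png'];

// Weak form: only the last characters of the client-supplied name are checked.
// The name is attacker-controlled and says nothing about the file's content.
function suffix_check_only(string $clientName): bool
{
    return (bool) preg_match('/\.(jpg|jpeg|png)$/i', $clientName);
}

// Hardened form: returns the stored file name, or null if the upload is rejected.
function store_image_upload(array $file, string $storageDir, int $maxBytes = 2097152): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) return null;
    if (!is_uploaded_file($file['tmp_name'])) return null;
    if ($file['size'] <= 0 || $file['size'] > $maxBytes) return null;

    // 1. Extension must be on the allowlist.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) return null;

    // 2. MIME type is derived from the file's bytes, not from the request headers,
    //    and must match the type expected for that extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) return null;

    // 3. The file must have a readable image header.
    if (@getimagesize($file['tmp_name']) === false) return null;

    // 4. Server-generated name: the client's name never reaches the filesystem.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $target = rtrim($storageDir, '/') . '/' . $stored;
    return move_uploaded_file($file['tmp_name'], $target) ? $stored : null;
}

// Usage: 'uploaded' is an assumed field name; the directory is a hypothetical
// path outside the web root, so stored files are never served as scripts.
if (isset($_FILES['uploaded'])) {
    $name = store_image_upload($_FILES['uploaded'], '/var/app-data/uploads');
    http_response_code($name === null ? 400 : 201);
}
```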
Requirements:
XAMPP/WAMP Server
DVWA Lab
Kali Linux: Burp Suite, Metasploit Framework
Set up the DVWA lab on your XAMPP or WAMP server; read the full article from here.
Now open DVWA in your browser using your local IP, as in 192.168.1.102:81/DVWA, and log in with the following credentials:
Username – admin
Password – password
Bypass Low Level Security
Click on DVWA Security and set the Website Security Level to low.