Home > DVWA > DVWA: Damn Vulnerable Web Application File Upload Walkthrough (Low Security)

DVWA: Damn Vulnerable Web Application File Upload Walkthrough (Low Security)

January 29, 2023

"Disclaimer: The information provided in this article is intended for educational and research purposes only. It is not intended to promote or encourage any illegal or unethical activities. Always act responsibly and obtain proper consent before using any tools or techniques described in this article."

 

File upload exploits are possible when a web server allows users to upload files to its filesystem without sufficiently validating things like file name, type, contents, or size. Failing to properly enforce restrictions on these could mean that even a basic image upload function can be used to upload potentially dangerous files instead, which can lead to remote code execution.

We can solve this challenge by simply uploading .php files already available in Kali Linux repositories or by preparing one with a simple payload. 

Let's start, by logging into DVWA, going to settings, and setting the security as 'Low'.




Now,  on the left side, there is an option regarding upload click on it.




Now let's try to exploit it by using our backdoor file. To get the backdoor file, open the Linux terminal and type :

locate backdoor.php 

This will show us the list of all the files regarding backdoors on our Linux system.




Now, you can choose any of the files from the list and upload it in the DVWA, file upload action. 

Let's copy the file to the home directory and then we will upload it.




Now, browse the file to upload.




File uploaded successfully - ../../hackable/uploads/simple-backdoor.php succesfully uploaded!




Now, to exploit the file that we uploaded, we need to go to the directory where the uploaded file is present.

As we can see the path is already mentioned after uploading, now just copy the path and add it at the end of the DVWA file upload page URL. 

10.0.2.6/dvwa/vulnerabilities/upload/../../hackable/uploads/simple-backdoor.php

You will see something like this:


we can now execute commands on the server. 

Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd 

cmd = "our commands at the end of URL to execute them on the server"




This is it. Target hacked. 

I will cover the advanced exploit of the File Upload flaw using msfvenom & msfconsole later on this website soon.


If you got stuck or have any questions, leave a comment, and I’ll do my best to get back to you.

Post a Comment

No comments

Thank you for taking the time to leave a comment on my blog. I appreciate your feedback and contribution to the conversation on my blog. Your comment will be automatically approved and visible to other readers. Please note that while I encourage open and respectful dialogue, my team reserves the right to review and remove any comments that violate this blog's terms and conditions, or are considered to be spam or offensive.

Subscribe to: Post Comments ( Atom )
Powered by Blogger.