As the name suggests Arbitrary File Upload Vulnerabilities is a type of
vulnerability which occurs in web applications if the file type uploaded
is not checked, filtered or sanitized.
The main danger of these kind of vulnerabilities is that the attacker
can upload a malicious PHP , ASP etc. script and execute it. The main
idea is to get the access to the server and execute desired code. for
example an Attacker who have gained access to such kind of vulnerability
can upload a malicious shell script and further can control the machine
to execute desired commands, which would lead to a full compromise of
the server and the victim’s server gets owned.
In this tutorial we’ll be looking at a a basic example of a Vulnerable Script and How to exploit it. So let’s get started.
Proof of Concept
For the demonstration of a realistic scenario, I have created a basic vulnerable PHP script.
Upload.php
HERE";
}
}
?>
Welcome to Vulnerable Apps
Arbitary file upload ( POC )
Hey all this is a sample php script to upload image files , This script doesn't contains file type checking code which makes it prone to Arbitary file upload vulnerbility.
Upload
| Upload File |
This is a basic example of how these bugs occur.
How to exploit it
Now to exploit this common bug is yet simpler, the hacker can simply download any Web Shell-Scripts , Written in PHP , ASP etc.
Some PHP Shells :-
Ani-Shell
[ R57 Shell
C99 Shell
Note: These shells are not intended to be used as this way, author is not responsible for the way in which the user uses it.
Now to exploit this vulnerability the hacker have to carry out some steps :-
Upload the Shell
Go to the link
Gain Access
0 comments:
Post a Comment