Unrestricted File Upload - Low Security Level
Solution:
Step 1. Install HackBar in Burp Suite
Follow the steps as shown in the video.
Download file from url https://github.com/d3vilbug/HackBar/r...
Go to Burp Suite - Extender - click Add - select the file path - click Open, then Next, and then Close.
Go to the Repeater tab - right-click on the blank area
Select Extensions - Hackbar - Web Shells - Php
The web shell code will be generated
Step 2. Copy the code into the text editor of your choice and save it with a .php extension
Step 3. Go to the lesson page and upload the .php file
Step 4. Click on upload
Then click on "here"
A blank page will be displayed
To execute the payload, we need to pass the command in the cmd parameter
Add the payload at the end of the URL
Payload: ?cmd=cat+/etc/passwd
Note: You can also solve this lesson by using ready-to-use PHP shell code.
PseudoTime
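
The steps above work because the upload is accepted with its .php extension and then served from a location where PHP executes it. As an added example (not code from the lesson or from this walkthrough), here is the server-side check that closes that gap; the function name, the image-only policy and the 2 MiB limit are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed policy for this example: images only, 2 MiB maximum.
const ALLOWED = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                 'png' => 'image/png', 'gif' => 'image/gif'];
const MAX_BYTES = 2 * 1024 * 1024;

/**
 * Validate one $_FILES entry and return a server-generated file name.
 * Throws RuntimeException when the upload must be rejected.
 * (safe_upload_name is a hypothetical helper, not part of the lesson.)
 */
function safe_upload_name(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('size not allowed');
    }
    // Allowlist on the final extension: .php, .phtml, .phar etc. never pass.
    $ext = strtolower(pathinfo((string) $file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not allowed');
    }
    // Sniff the type from the bytes (fileinfo extension); the
    // client-supplied $file['type'] is not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Discard the client's name entirely, so "x.php.jpg" or path tricks
    // cannot influence where or how the file is stored.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample: a script submitted under its own extension.
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, '<?php /* constructed sample */');
    try {
        safe_upload_name(['name' => 'shell.php', 'tmp_name' => $tmp,
                          'size' => filesize($tmp), 'error' => UPLOAD_ERR_OK]);
    } catch (RuntimeException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    } finally {
        unlink($tmp);
    }
}
```

In a real handler, pass the returned name to move_uploaded_file() with a target directory outside the document root, or one where the web server is configured not to execute scripts.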