#hackervlog #bugbounty #cybersecurity
File upload vulnerabilities are among the most dangerous, because an uploaded file can be abused in many ways: the server can be made to run a malicious script, or the script can be executed in a user's browser. Either path can lead to a serious compromise of the server and even of the user.
Low
Right now, with the Low security level set, DVWA accepts any file, and this can be used to our advantage. Let's try exploiting it. This consists of a few steps:
Generating an agent.
Uploading the generated agent to DVWA.
Accessing the uploaded file in order for it to execute.
Connecting to the server with a web shell.
By default, Kali Linux comes with weevely, a PHP web shell. The first step is to generate an agent, which can be done from the command line:
weevely generate your-password legitfile.php
Now upload it to the DVWA file upload page.
Shell Was Uploaded Successfully
Try accessing the file; you should see a blank page. Now try to establish a session with DVWA: weevely http://YOUR-DVWA-IP/hackable/uploads/legitfile.php your-password
If everything worked out, you should get access. In my case, a connection as the www-data user of a DVWA instance running on a Raspberry Pi was gained. From this point, external actors might do a lot of harm.
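The check that the Low level lacks, as an added example in Python (not DVWA's code or the video author's): the handler below rejects the legitfile.php upload above as well as a PHP agent renamed to .jpg or appended to a real image, and names stored files by content hash so nothing the client typed reaches the disk. The allowlist, size cap and upload directory are assumptions.

```python
import hashlib
import os

# Allowlisted extensions and the magic bytes a genuine file of that type starts with.
ALLOWED_MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
# Byte sequences that never belong in an image: catches an agent renamed to
# .jpg as well as one appended to a real image (polyglot).
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script")
MAX_BYTES = 2 * 1024 * 1024  # assumed cap


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the message is safe to log."""


def validate_upload(client_name: str, data: bytes) -> str:
    """Validate an upload and return the name it should be stored under.

    The client-supplied name is used only to read the *final* extension, so
    'legitfile.php' fails the allowlist and 'legitfile.php.jpg' must then
    pass the content checks. The stored name is the content hash plus that
    extension, so nothing the client typed ever reaches the disk.
    """
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    ext = os.path.splitext(os.path.basename(client_name))[1].lstrip(".").lower()
    magic = ALLOWED_MAGIC.get(ext)
    if magic is None:
        raise UploadRejected(f"extension not allowed: {ext or '(none)'}")
    if not data.startswith(magic):
        raise UploadRejected("content does not match declared type")
    if any(marker in data for marker in SCRIPT_MARKERS):
        raise UploadRejected("embedded script content")
    return f"{hashlib.sha256(data).hexdigest()}.{ext}"


def store_upload(client_name: str, data: bytes, upload_dir: str) -> str:
    """Write a validated upload into upload_dir (assumed to be outside the web
    root, unlike DVWA's /hackable/uploads/) and return the resulting path."""
    safe_name = validate_upload(client_name, data)
    os.makedirs(upload_dir, mode=0o750, exist_ok=True)
    path = os.path.join(upload_dir, safe_name)
    with open(path, "wb") as fh:
        fh.write(data)
    return path
```

Serving the stored files from a directory the web server does not execute PHP in, and with Content-Disposition: attachment, means even a file that slipped through the checks would be delivered as bytes rather than run.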
Disclaimer:-
This video is made available for educational and informational purposes only. We believe that everyone must be aware of ethical hacking and cyber security to avoid different types of cyberattacks on computers, websites, apps, etc. Please regard the word hacking as ethical hacking every time we use it.
All our videos have been made using our own systems, servers, routers, and websites. They do not contain any illegal activities. Our sole purpose is to raise awareness related to cybersecurity and help our viewers learn ways to defend themselves from any hacking activities. Hacker Vlog is not responsible for any misuse of the provided information.