2/18/2011

DVWA File Upload: Low Level

Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code onto the system to be attacked. Then the attacker only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step.

The consequences of unrestricted file upload can vary, including complete system takeover, an overloaded file system, forwarding attacks to backend systems, and simple defacement. It depends on what the application does with the uploaded file, including where it is stored.

Another thing worth looking for is restrictions within 'hidden' form fields.


../../hackable/uploads/command.php succesfully uploaded!
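
The server-side counterpart to the two points above (what the application does with the uploaded file, and not relying on restrictions in hidden form fields), as an added PHP example that is not DVWA's code or part of the original post. It assumes an image-only upload feature and the fileinfo extension; `check_upload()`, `ALLOWED` and `MAX_BYTES` are assumed names and the sample files are constructed.

```php
<?php
// Added example, not DVWA's code. check_upload(), ALLOWED and MAX_BYTES are assumed names.
// A hidden form field such as PHP's MAX_FILE_SIZE is advisory only, so the limit lives here.
const MAX_BYTES = 100 * 1024;
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png'];   // sniffed MIME => extension

/**
 * Return a server-chosen file name for an acceptable image, or null to reject.
 * $clientName is attacker-controlled and is used only for the extension check.
 */
function check_upload(string $clientName, string $tmpPath): ?string
{
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        return null;
    }
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($ext === 'jpeg') {
        $ext = 'jpg';
    }
    // Sniff the bytes; the Content-Type sent by the browser is not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    $expected = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($expected === null || $expected !== $ext) {
        return null;
    }
    // Random name: nothing from the client (path, extension) reaches the disk.
    return bin2hex(random_bytes(16)) . '.' . $expected;
}

// Constructed samples: a script, the same script renamed, a 1x1 PNG, an oversized file.
$script = "<?php echo 'constructed sample'; ?>";
$png = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');
$cases = [
    ['command.php', $script],
    ['command.php.png', $script],
    ['photo.PNG', $png],
    ['big.png', $png . str_repeat("\0", MAX_BYTES)],
];
foreach ($cases as [$name, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    printf("%-16s %s\n", $name, check_upload($name, $tmp) ?? 'rejected');
    unlink($tmp);
}
```

In a real handler the temporary path comes from `$_FILES` and the file is saved with `move_uploaded_file()` under the returned name, in a directory from which the web server does not execute scripts.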
