Various web applications allow users to upload files (eg images, music files etc). The uploaded files can create momentous risk if not handled in a secure way. Depending on the how the file is processed and where it is stored the impact of the file upload vulnerability may vary. For example, if the web application is being run on Apache and does not check the type of files being uploaded, an attacker could upload a PHP file and then get it to execute by just visiting it.
The impact of this vulnerability is high, a supposed code can be executed in the server context or on the client side. The likelihood of detection for the attacker is high. The prevalence is common. As a result, the severity of this type of vulnerability is high.
What you will learn
After completing this scenario you will learn to exploit very simple arbitrary file upload vulnerabilities, where no checks are being carried out on the file being uploaded.
This scenario contains one virtual machine running two services.
- TIME30 MINUTES
- COST10 CRYSTALS