Module 12 FileUpload Demo - Secure Coding Course


This topic contains 1 reply, has 2 voices, and was last updated by  ky0uj1 3 years, 6 months ago.



    I could not successfully do the attack for the FileUpload Demo in Module 12. Has anyone done it with Mutillidae running on that same Linux VM we were given for this class? I noticed in the video that Mutillidae is running on a Windows system, and I'm wondering if this issue can only be reproduced on Windows systems and not on Linux, since /opt/lampp is restricted to root only and I'm running the test logged in as ubuntu.
    Thanks for any feedback on this!



    First, we open the terminal and check the permissions in htdocs like this:
    ls -l /opt/lampp/htdocs

    You'll see that webalizer has the owner and group as daemon, which is the account of the web application.
    It means it's possible to write any files there.
    After you make cmd.php and intercept with Burp Suite as the video shows, you just change the path /tmp to /opt/lampp/webalizer. If posting cmd.php succeeds, you can access http://localhost/webalizer/cmd.php

    Thank you in advance.

    • This reply was modified 3 years, 6 months ago by  ky0uj1.
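
The permission check from the reply above, turned into a repeatable audit a defender can run against a web root. This is an added example, not part of the original thread; the function names and the extension list are assumptions, and the default path and account (/opt/lampp/htdocs, daemon) are the ones mentioned in the thread.

```sh
#!/bin/sh
# Added example: audit a web root for directories the web server account can
# write to, and list server-side scripts already sitting in them.
# Defaults come from the thread (/opt/lampp/htdocs, account "daemon"); the
# function names and the extension list are assumptions. Needs GNU or BSD find.

# Print directories under $1 whose mode bits let user $2 write: as owner, via
# any group the user belongs to, or as "other". ACLs are not considered.
writable_dirs() {
    root=$1
    uid=$(id -u "$2") || return 2
    gids=$(id -G "$2")
    set -- -uid "$uid" -perm -u=w -o -perm -o=w
    for gid in $gids; do
        set -- "$@" -o -gid "$gid" -perm -g=w
    done
    find "$root" -type d \( "$@" \) -print | sort
}

# Print PHP-style files directly inside those directories. A script file in
# a directory the server can write to is the condition to investigate.
scripts_in_writable_dirs() {
    writable_dirs "$1" "$2" | while IFS= read -r dir; do
        find "$dir" -maxdepth 1 -type f \
            \( -name '*.php' -o -name '*.phtml' -o -name '*.phar' \) -print
    done
}

DOCROOT=${DOCROOT:-/opt/lampp/htdocs}
WEBUSER=${WEBUSER:-daemon}
if [ -d "$DOCROOT" ]; then
    echo "Directories writable by $WEBUSER under $DOCROOT:"
    writable_dirs "$DOCROOT" "$WEBUSER"
    echo "Script files inside them:"
    scripts_in_writable_dirs "$DOCROOT" "$WEBUSER"
fi
```

Directories in the first list that do not need to accept writes from the web server are candidates for a root owner and a mode without write access for the server account.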