Module 12 FileUpload Demo - Secure Coding Course

This topic contains 1 reply, has 2 voices, and was last updated by ky0uj1 2 years, 8 months ago.

  • #65403

    mir
    Participant

    Hello,
    I could not successfully do the attack for the FileUpload Demo in Module 12. Has anyone done it with Mutillidae running on that same Linux VM we were given for this class? I noticed in the video that Mutillidae is running on a Windows system, and I am wondering if this issue can only be reproduced on Windows systems and not on Linux, since /opt/lampp is restricted to root only and I’m running the test logged in as ubuntu.
    Thanks for any feedback on this!
    Regards,
    Miriam

    #84021

    ky0uj1
    Participant

    Firstly, we open the terminal and check the permissions in htdocs like this:
    ls -l /opt/lampp/htdocs

    You’ll see that webalizer has the owner and group as daemon, which is the account of the web application.
    It means it’s possible to write any files there.
    After you make cmd.php and intercept with Burp Suite as the video shows, you just change the path /tmp to /opt/lampp/webalizer. If you succeed in posting cmd.php, you can access http://localhost/webalizer/cmd.php

    Thank you in advance.

    • This reply was modified 2 years, 8 months ago by ky0uj1.
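
The permission check in the reply above can be turned into a repeatable hardening audit; the script below is an added example, not part of either post or of the course material. It lists every directory under a web root that the web-server account can write to, and any PHP-executable files sitting directly inside those directories. The function names and the extension list are assumptions; the path and the daemon account in the usage comment are the ones named in the posts.

```shell
#!/bin/sh
# Added example: audit a web root for directories writable by the web-server
# account, and for script files located inside them.

# Print directories under $1 that are writable by user $2, by group $3,
# or by everyone. Only mode bits are checked; ACLs are not considered.
audit_writable_dirs() {
    docroot=$1
    web_user=$2
    web_group=$3
    find "$docroot" -type d \( \
        \( -user "$web_user" -perm -200 \) -o \
        \( -group "$web_group" -perm -020 \) -o \
        -perm -002 \) -print | sort
}

# Print PHP-executable files found directly in those writable directories.
# The extension list is an assumption; match it to the server's handler config.
audit_scripts_in_writable_dirs() {
    audit_writable_dirs "$1" "$2" "$3" | while IFS= read -r dir; do
        find "$dir" -maxdepth 1 -type f \
            \( -name '*.php' -o -name '*.phtml' -o -name '*.phar' \) -print
    done | sort
}

# Usage (run as root so every directory can be read):
#   sh audit.sh /opt/lampp/htdocs daemon daemon
if [ "$#" -eq 3 ]; then
    echo "Directories writable by $2:$3 under $1:"
    audit_writable_dirs "$1" "$2" "$3"
    echo "Script files inside those directories:"
    audit_scripts_in_writable_dirs "$1" "$2" "$3"
fi
```

Any directory the first function reports should either lose its write permission for the web-server account or be configured so the server never executes scripts from it.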