Upload is process
of transmitting a file from a computer system to other computer
systems. Attacker to upload files to insert in accordance with the
desired command so that it can remotely victim. This attack is
passive as it waits for the victim to take action on a file that is
uploaded.
Example in dvwa
- Open in dvwa
- Setting security in high.
- Open terminal/terminatora. Open folder DVWA in var/www/b. change permissons the folder hackable can be execution, write and read : chmod -R 777 hackable
- Chose Upload button in DVWA
Note :
see the source is
that only jpg file format that could be upload.
- Upload backdoor
a. chose
a file from webshells
b. copy
backdoor to folder /var/www/
c. change backdoor file
extention with .jpeg (php-backdoor.jpeg)
d. upload file on
dvwa
Tidak ada komentar:
Posting Komentar