Tuesday, November 17, 2015

DVWA - Upload Backdoors into a Vulnerable Web Application

Hello everybody. In this post I would like to discuss and show you a little bit about DVWA (Damn Vulnerable Web Application). It is an environment in which people can freely test for flaws in web applications without getting into legal trouble. It is really easy to set up and test. You only need to do one of the following:

1) Set it up on your machine (Apache or XAMPP + Java + Burp Suite)
2) Run it from a live CD, with no need to set it up yourself.
3) Run it on a website. No need to install anything.

Below is a simple demo of how to bypass the upload form by changing the security level and the file type in order to upload a backdoor and remotely execute code on the server machine. Enjoy.
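Why changing the file type is enough to get past an upload form, and what a server-side check looks like instead, as an added example that is not part of the original post and not DVWA's own code. It is a Python sketch that assumes the form decides by the file type the client declares; the function names, size limit and sample uploads are constructed for illustration.

```python
import os
import secrets

# Allowlisted extensions and the signature each format must start with.
ALLOWED = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff"}
MAX_BYTES = 100_000  # constructed limit for this example

def weak_check(upload):
    """Trusts the Content-Type header, which the client sets freely."""
    return upload["declared_type"] in ("image/jpeg", "image/png")

def strict_check(upload):
    """Return a server-chosen storage name, or None when the upload is rejected."""
    data = upload["data"]
    if not 0 < len(data) <= MAX_BYTES:
        return None
    # Only the final extension counts, and it must be on the allowlist.
    ext = os.path.splitext(os.path.basename(upload["filename"]))[1].lower()
    magic = ALLOWED.get(ext)
    # The content must begin with the signature of the claimed format.
    if magic is None or not data.startswith(magic):
        return None
    # Never reuse the client's file name: random name plus allowlisted extension.
    return secrets.token_hex(16) + ext

# Constructed sample uploads (placeholder bytes, not real files).
GENUINE = {"filename": "photo.png", "declared_type": "image/png",
           "data": b"\x89PNG\r\n\x1a\n" + b"\x00" * 64}
SPOOFED = {"filename": "page.php", "declared_type": "image/png",
           "data": b"placeholder script text"}
DOUBLE_EXT = {"filename": "page.php.png", "declared_type": "image/png",
              "data": b"placeholder script text"}

if __name__ == "__main__":
    for label, up in (("genuine", GENUINE), ("spoofed", SPOOFED), ("double_ext", DOUBLE_EXT)):
        print(label, "weak:", weak_check(up), "strict:", strict_check(up))
```

A signature check alone does not prove a file is harmless, since a file can start with a valid image header and still carry script text, so uploads should also be stored where the web server will not execute them.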