File Upload Vuln - Resources

Blogs

• Importance of phpinfo - https://beaglesecurity.com/blog/vulnerability/revealing-phpinfo.html

OWASP :

• https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload
• https://cheatsheetseries.owasp.org/cheatsheets/File_Upload_Cheat_Sheet.html

OnSecurity Blog :

• https://www.onsecurity.io/blog/file-upload-checklist/

YesWeHack :

• https://blog.yeswehack.com/yeswerhackers/exploitation/file-upload-attacks-part-1/
• https://blog.yeswehack.com/yeswerhackers/file-upload-attacks-part-2/
• https://0xn3va.gitbook.io/cheat-sheets/web-application/file-upload-vulnerabilities

Labs

• Port Swigger Labs : https://portswigger.net/web-security/file-upload
• DVWA: https://dvwa.co.uk/
• NinjaWorkOut Labs : https://github.com/effortlessdevsec/ninjasworkout
• TryHackMe Rooms:
  • Unpaid - https://tryhackme.com/room/bypassdisablefunctions
  • Paid - Upload Vulnerabilities - WriteUp
• Hacksplanning exercise:
  • https://www.hacksplaining.com/exercises/file-upload
  • https://www.hacksplaining.com/prevention/file-upload

Reports

• https://soroush.secproject.com/blog/2019/08/uploading-web-config-for-fun-and-profit-2/
• https://hackerone.com/reports/845832