File Upload Vulnerability & RCE
Hello, Team, I am Sourav Saha. Here is my Vulnerability which I found in your domain. Vulnerable Domain: https://www.Icannotshowtheurl.com/ Vulnerability Name: File Upload Restriction Bypass: Description: File upload mechanisms are very common on websites, but sometimes have poor validation. This allows attackers to upload malicious files to the web server, which can then be executed by other users or the server itself. This can also happen in authenticated areas of a website. Validation Steps (POC): 1. 1. Visit the Profile https://www.Icannotshowtheurl.com/ 2. After that we can see “My Profile” option on the left-hand side 1. 3. There is an option to upload our profile picture, which is “Upload your photo” 4. From there if I try to upload a php reverse shell script (which we will discuss later on this report) that will not allow me to do this. 5. But I will use my burpsuit proxy to...