bWAPP Unrestricted File Upload

Unrestricted File Upload - Low Security Level Solution: Step 1. Install hackbar in BurpSuite Follow Steps as shown in the video. Download file from url https://github.com/d3vilbug/HackBar/releases/ Go to BurpSuite - Extender - Click on Add - Select file Path - Click on open then on next and then close. Go to the Repeater tab - Right click on the blank area Select Extensions - Hackbar - Web Shells Php A code will be generated Step 2. Copy the code in the text editor of your choice and save with .php extension Step 3. Go to the lesson page and upload the .php file Step 4. Click on upload Then click on here A blank page will be displayed In order to execute the payload we need to call the command with cmd add payload at the end of the url Payload: ?cmd=cat+/etc/passwd Note: You can also solve this lesson by using ready to use php shell code. PseudoTime