
DVWA 1.07 file upload issue

Net_Spy

Newbie

Posts: 2

Joined: Mon Aug 29, 2011 11:23 pm

Post Mon Aug 29, 2011 11:29 pm

DVWA 1.07 file upload issue

Greetings,
I'm having an issue with the file upload test using both low and medium. I keep getting the message image was not uploaded.

I'm using Burp to modify the content type to image/jpeg, with both the low and medium settings. I've tried to upload a simple image file but get the same error message on that image file as well. Looking forward to your kind response.

Regards
  Net_Spy
Net_Spy

Newbie

Posts: 2

Joined: Mon Aug 29, 2011 11:23 pm

Post Tue Aug 30, 2011 12:34 am

Re: DVWA 1.07 file upload issue

Net_Spy wrote: Greetings,
I'm having an issue with the file upload test using both low and medium. I keep getting the message image was not uploaded.

I'm using Burp to modify the content type to image/jpeg, with both the low and medium settings. I've tried to upload a simple image file but get the same error message on that image file as well. Looking forward to your kind response.

Regards
   Net_Spy



After going through the code I've found that this is a bug in upload. Once you select medium and click on upload, the status still shows high, which means it is not changing the profile. You can either disable the high code in /vulnerabilities/upload/index.php

  Code:
$vulnerabilityFile = '';
switch( $_COOKIE[ 'security' ] ) {
        case 'low':
                $vulnerabilityFile = 'low.php';
                break;

        case 'medium':
                $vulnerabilityFile = 'medium.php';
                break;

        // 'high' is also the fallback for a missing or unrecognised cookie value
        case 'high':
        default:
                $vulnerabilityFile = 'high.php';
                break;
}


into:
  Code:
$vulnerabilityFile = '';
switch( $_COOKIE[ 'security' ] ) {
        case 'low':
                $vulnerabilityFile = 'low.php';
                break;

        // Any other cookie value (including 'high') now falls through to medium
        default:
        case 'medium':
                $vulnerabilityFile = 'medium.php';
                break;

//      case 'high':
//      default:
//              $vulnerabilityFile = 'high.php';
//              break;
}


I've noticed that version 1.07 has a database bug as well: the db name is hardcoded into the source, which forces the use of dvwa as the database name. Hope the developer notices and fixes this issue.

Regards
  Net_Spy
