Tutorial on Arbitrary File uploading Vulnerability

Tutorial on Arbitrary File uploading Vulnerability

Arbitrary File uploading vulnerabilities are the type of vulnerabiliy which occurs in web applications in which there is a file uploading form but file format is not checked or filtered during file upload.
Now you are thinking that what is the problem in that. Now think that the website has a uploader form which do not check for file type and you have a malicious  PHP, ASP script. You can upload the script using this form and then you can execute your malicious script on the website server. You can run any kind of commands on the server using your script which would lead to a full compromise of the server.
If you do not know how to create a malicious script, you can simly download those scripts from internet and use it on any server having this type of vulnerability.


Some PHP Shells :-


Ani-Shell
R57 Shell
C99 Shell


Note: This tutorial and script is only for educational purpose. Use of these scripts on web servers in illegal.