
Image File Upload Vulnerability


Attackers can try to abuse upload forms by, for example, uploading a PHP file in place of an image file. This article also touches on XML external entity (XXE) injection.

Web Server Exploitation With Lfi And File Upload Server Web Server Hosting from www.pinterest.com

Never allow users to upload executable files such as .php, .exe, .py, etc. A remote user could abuse the uuid parameter in the image upload feature to save a malicious payload anywhere on the server, then use a custom .htaccess file to bypass the file extension check and finally get remote code execution. You may not have heard of XML external entity injection before, because it is rarely discussed.

Visit the vulnerability menu inside the DVWA lab and select File Upload.

File upload vulnerabilities are a major problem with web-based applications.