De-Technocrats / dvwaupsploit

Tool for exploiting file upload vulnerabilities in DVWA (Damn Vulnerable Web Application).

Home Page: https://medium.com/@de_technocrats/exploiting-file-upload-in-dvwa-using-the-tool-dvwaupsploit-4b6be8a4e309

Version 1.0 | GPLv3 | Python 3


Dvwaupsploit is a tool for exploiting file upload vulnerabilities in the DVWA environment. The name "dvwaupsploit" is short for "Damn Vulnerable Web Application Upload Sploit"; "sploit" is derived from "exploit," since the tool exploits file upload vulnerabilities in web applications.

This tool supports two attacks for bypassing the medium and high security levels: command injection and file inclusion. Contributions to the project are welcome if you want to add a feature you find interesting. Note that this tool only supports attacks on the low, medium, and high security levels.

The tool also includes some backdoor payloads that make the file upload attacks work; they allow an attacker to perform remote code execution on the target server.

We created this tool because we initially wanted to develop something similar that would work on real-world websites. However, due to time constraints and a shortage of developers to contribute to our organization's projects, we were only able to develop this tool for the DVWA environment.

Install

1. git clone https://github.com/De-Technocrats/dvwaupsploit.git
2. cd dvwaupsploit
3. pip install -r requirements.txt

Usage

1. python dvwa.py (-argument)

Screenshots

- Bypass low security level (screenshot: low security)
- Bypass medium security level (screenshot: medium security)
- Bypass high security level (screenshot: high security)