Upload
A vulnerable web application due to unrestricted file upload
- the app is a picture gallery
- uploaded images are not filtered or validated
- so it can be hacked by uploading a web shell or other PHP file...
Try in Play with Docker
Run with docker-compose
Easiest way to run the vulnerable app is using docker-compose:
mkdir upload
cd upload
curl -o docker-compose.yml https://gitlab.cylab.be/cylab/play/upload/-/raw/main/docker-compose.yml
docker-compose up
After a few seconds, the app will be available at http://127.0.0.1:8000
Run with Docker
docker run -p 8000:80 gitlab.cylab.be:8081/cylab/play/upload
Local testing
The repository has a docker-compose-dev.yml that you can use to test or contribute:
git clone https://gitlab.cylab.be/cylab/play/sql-injection.git
cd sql-injection
docker compose -f docker-compose-dev.yml up