Viewing 5 posts - 1 through 5 (of 5 total)
  • #35301
    budoya
    Participant

    It seems I can’t upload images here to show the problem. I’m having trouble getting the Burp proxy exploit to work on the medium security DVWA. I’ll explain as best I can:

    Burp is successfully intercepting the shell.jpg upload.

    I am changing it to shell.php before forwarding.

    When forwarding I get the error on the DVWA upload page simply saying “Image was not uploaded”.

    #35317
    Vashisht Boodhun
    Participant

    Can you try to generate another shell as shell2 and try again?

    #35476
    budoya
    Participant

    Hi,

    I re-tried today, with several attempts at renaming ‘shell2’, ‘shell3’ etc, but it doesn’t seem to upload. Still the same ‘your image was not uploaded’ in red text.

    #35477
    budoya
    Participant

    I believe I solved the issue, sort of. Reading the Burp Suite output I noticed that there were cookies for security=high. It seems that sometimes when submitting security to medium it may glitch and still retain high security. After going back and re-submitting it as medium security it worked fine. However, this did happen a couple of times in a row, so it took a few tries.

    Thanks.

    #35491
    Vashisht Boodhun
    Participant

    Glad to know that you were able to fix this issue. Please don’t hesitate to contact us if you need anything else :)
