File Upload Vulnerability Report
Bypassing DVWA file upload filters with content-type spoofing and double extensions to plant a PHP reverse shell via LFI.
whoami
Red Team Operator / Security Researcher
Offensive tooling, evasion & adversary emulation.
Bypassing DVWA file upload filters with content-type spoofing and double extensions to plant a PHP reverse shell via LFI.
Chaining Local File Inclusion with Apache log poisoning to achieve RCE on DVWA, and mitigations like file permissions and whitelisting.
Using a phishing email to trigger a CSRF password change on DVWA’s admin account, plus defenses like CSRF tokens and SameSite cookies.
Exploiting OS command injection in DVWA to read files and gain a socat reverse shell, with input validation and sanitization defenses.
A breakdown of the CVSS base score metrics and how each exploitability and impact metric influences a vulnerability’s severity rating.