In this video I demonstrate how to get into a webserver through an unsanitized file upload functionality.
First, we're dealing with a server whose administrator panel is easy to get into. Once inside the admin panel, the file upload functionality accepts files with extensions that can lead to remote access to the server (through a remote shell).
So, what I did was upload a PHP reverse shell, but before that I set up a listener on my local machine. Once I execute the PHP reverse shell on the server, it throws back a shell on my local machine. What's left to do from there on is privilege escalation - or getting from a low-privileged user to full system privileges, as administrator, or in this case - root.
This goes to show that if you're managing or administering web servers, you have to make sure you stay away from such misconfigurations because this would allow malicious users to own your system and cause unwanted damage.

Cristi Vlad Self-Experimenter and Author