first commit

dvwa/vulnerabilities/upload/source/low.php

@@ -0,0 +1,19 @@
+<?php
+
+if( isset( $_POST[ 'Upload' ] ) ) {
+	// Where are we going to be writing to?
+	$target_path  = DVWA_WEB_PAGE_TO_ROOT . "hackable/uploads/";
+	$target_path .= basename( $_FILES[ 'uploaded' ][ 'name' ] );
+
+	// Can we move the file to the upload folder?
+	if( !move_uploaded_file( $_FILES[ 'uploaded' ][ 'tmp_name' ], $target_path ) ) {
+		// No
+		$html .= '<pre>Your image was not uploaded.</pre>';
+	}
+	else {
+		// Yes!
+		$html .= "<pre>{$target_path} succesfully uploaded!</pre>";
+	}
+}
+
+?>