最近有个漏洞,上传点,路径可控,POST一个路径,生成一个ID,通过访问ID的链接可显示目录是否存在或者直接读取指定格式文件;第二个数据包的传输格式为在burp的宏中不被支持,遂想通过脚本爆破,主要是POST multipart/form数据的问题。如下:
#coding:utf8
import binascii
import requests
import sys
reload(sys)
sys.setdefaultencoding('utf-8')
headers={
}
def encode_multipart_formdata(fields):
#boundary = binascii.hexlify(os.urandom(16)).decode('ascii')
boundary ='----WebKitFormBoundary0jx6gjxsnsoprBX1'
body = (
"".join("--%s\r\n"
"Content-Disposition: form-data; name=\"submit\""
"\r\n"
"\r\n"
"submit"
"\r\n"
"--%s\r\n"
"Content-Disposition: form-data; name=\"%s\"; filename=\"te1st.jpg\"\r\n"
"Content-Type: image/jpeg"
"\r\n"
"\r\n"
"%s\r\n" % (boundary,boundary, field, value)
for field, value in fields.items()) +
"--%s--\r\n" % boundary
)
content_type = "multipart/form-data; boundary=%s" % boundary
return body#, content_type
def main():
files_new={"upload_file":"123"}
files= encode_multipart_formdata(files_new)
print files
url='http://******/index.php'
html=requests.post(url,data=files,headers=headers).text
print html
if __name__ == '__main__':
main()
注:1、该种方法boundary可控;2、boundary后的参数要注意横杠数量;3、POST中的boundary需要与content-type中的boundary一致
另外网上还有一种办法是利用
request.post(url,files=files)
但测试中发现boundary不可控,且格式比较混乱,POST的时候容易出问题,摘抄如下:
#coding:utf8
import requests
import json
import sys
reload(sys)
sys.setdefaultencoding('utf-8')
headers={
*****
}
def main():
url='http://***/index.php'
#postdata={"submit":("submit")}
files={
"submit":(None,"submit"),
"upload_file":("test.jpg",open('d://test.jpg','rb'),'image/jpeg')
}
print files
#requests.get('https://baidu.com')
html=requests.post(url,files=files,headers=headers).text
print html
if __name__ == '__main__':
main()
拓展阅读(点评/知识):
参考:
https://blog.csdn.net/qq_36387683/article/details/95066303
[推荐] https://julien.danjou.info/handling-multipart-form-data-python/
https://www.techiediaries.com/python-requests-upload-file-post-multipart-form-data/
https://segmentfault.com/q/1010000004690074
https://www.jb51.net/article/133660.htm
https://www.cnblogs.com/codex/p/4385634.html
https://www.cnblogs.com/android-it/p/9558751.html
https://www.cnblogs.com/LanTianYou/p/8379419.html
https://www.cnblogs.com/slqt/p/10238019.html
http://www.testpub.cn/t/67
http://www.361way.com/requests-post/6088.html
本文标题: | python发送multipart/form data的POST数据 |
本文链接: (转载请附上本文链接) | https://vulsee.com/archives/vulsee_2019/1021_9104.html |